A potential security vulnerability was found that impacts Parallels Plesk Panel for Linux 11, 11.5 and 12 preview.
A minor vulnerability in Plesk exists that can theoretically provide unauthorized users access to the content of the /etc/psa/private/secret_key file on Linux and the same secret key in the registry on Windows. You can read more about the foundation of this vulnerability and the astronomically large computational resources required for anything more than theoretical exploitation here.
Parallels confirms this vulnerability exists, but exploitation would require a nearly unattainable amount of computational resources to determine the necessary 16-byte random security number. Therefore, the threat posed by this vulnerability is extremely low.
The vulnerability was fixed on April 29, 2014 in the following microupdates:
- Parallels Plesk Panel 11.5.30 MU#44
- Parallels Plesk Panel 11.0.9 MU#61
Parallels urges all customers to turn on automatic microupdates.