Can you explain this vulnerability to me?

This vulnerability affects Plesk Obsidian versions 8.0.1 through 18.0.73 and is a Denial of Service (DoS) condition. It occurs in the get_password.php endpoint, where an attacker can send a specially crafted request containing a malicious payload. This causes the web interface to continuously reload, making the service unavailable to legitimate users. The attack can be performed remotely without any authentication.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

The vulnerability can cause a persistent denial of service on the affected Plesk Obsidian instance, making the web interface unavailable to legitimate users. This impacts the availability of the service, potentially disrupting server management and hosted websites.

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by monitoring for unusual or repeated requests to the get_password.php endpoint on your Plesk Obsidian web interface. Specifically, look for crafted requests that cause continuous reloads or high availability impact. Network monitoring tools or web server logs can be used to identify such suspicious activity. However, no specific commands or detection scripts are provided in the available resources. [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the get_password.php endpoint, applying any available patches or updates from Plesk for versions 8.0.1 through 18.0.73, and monitoring the service for abnormal reload behavior. Since the vulnerability can be exploited remotely without authentication, consider implementing network-level protections such as firewall rules to limit access to the affected endpoint until a patch is applied. [1]

Useful 0 Not Useful 0