Secure one-way encrypted password storage (no mail_auth_view for GDPR, PCI-DSS, NIS2)
Mail passwords are encrypted but not hashed.
Clear-text passwords are available using the utility
/usr/local/psa/admin/bin/mailauthview
This is just symmetric encryption, not good practice. See OWASP:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
It does not meet many regulations (often referring to good practices or OWASP) and it's an unnecessary security risk of password exposure.
Please add an option to have mail user passwords hashed one-way.
Thanks.
1 vote
Laurent Chouraki shared this idea