Hello! I and my clients noticed that - partly typed passwords works for /stats/ directory and for FTP access. Example: Orginal password: Lainite9449270 User can log in to ftp and /stats/ directory just typing username and password: Lainite9 can access to his account. this not works for ispconfig login. I tried to do something with password: p@55w0rd but unsuccesofully. Somewhere is little bug what allows gain access, but i can't notice where and how to fix it.
it's because the maximum password lenght recognized by unix crypt is 8 chars. You can search in the forum I think to see how to use md5 crypt with ispconfig
