
Contabo requesting password in cleartext for support

Originally Posted by bear
And that’s why sending it over ordinary email is a huge issue. It can be seen all along the way unless the email itself is encrypted end to end.

Sure, it can be. And I’m not trying to make light of the situation. But how long would it take that intercepted password to reach a malicious-minded person? An hour? 2 hours? A day? So as long as you change the password within that time, the chance of abuse is minimal.

Of course, nobody really knows how long it would take for that information to get into the bad guy’s hands. So any time is a potential risk. But, realistically, unless you’re talking about several hours or days – this can all probably be mitigated by quickly changing the root password when the work is done. A risk? Sure. But if you need someone else to do the work for you… what other options do you have?

Having said all of that, I’m not sure about Contabo – but a lot of providers have a place on their OAM where you can update the root password, perhaps that’s an option. Or perhaps you can reset the password back to the original password they used when they first set up the service – maybe they still have that information.

If you update the root password in the service’s OAM system, I still recommend changing it after the work is done. If any of the providers we use have this in their portal, I can guarantee you the information is not correct as it pertains to our servers. My providers never have the correct root password for any of our servers in their system; it helps me and it helps them, because they can never be accused of leaking the correct information.
