"Keep MySQL and administration passwords in sync" is set to Yes by default on all installations I have seen. Moreover, it doesn't even do anything; systems are created with one password, and the database user gets a different, random password.

Either way, the real reason I am reporting this is that the whole feature should be deleted. It's a stupid security risk.

Imagine a PHP exploit where someone manages to file_get_contents() the database config file of the script. Now they have the whole system password.

System password should NEVER match MySQL password and having a module built-in for that purpose is just bad, bad, bad.

Also, even when the option is disabled, there's a hardcoded warning string in "Edit Databases - Passwords" in Virtualmin, always saying "By default they are kept the same as the server's administration password." (confusing end-users, because it's FALSE: they are A) not kept in sync by default, and B) I have totally disabled that option on my systems.) I solved that by patching the file to get rid of that part of the string for now.

Closed (works as designed)

You're right that it's insecure, though it's a convenience vs security decision that the system administrator needs to make.

During the post-install wizard, it asks whether to use password hashing, or to store passwords in clear-text.

If password hashing is chosen, the database password is not kept in sync with the Virtual Server owner.

Using plain text passwords is indeed the default, so the message you're seeing is correct.

You're both right here - when hashed passwords are in use, the MySQL password is randomly generated and never kept in sync with the admin password.

However, it makes no sense to show that template option in this case - I will remove it.
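The two behaviours discussed in this thread (the risky "keep in sync" template option versus the hashed-password mode that gives the database user its own random password), as an added illustration that is not Virtualmin's code. The provisioning and audit functions, the `keep_in_sync` flag, and the PBKDF2 record format are all assumptions made for the example; the audit reproduces the reporter's point that a disclosed database config file must not also hand over the administration password.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

# Constructed example, not Virtualmin's own implementation: the administrator's
# password is stored only as a salted hash, and the database user is given an
# independent random password unless the (assumed) keep_in_sync option is set.

PBKDF2_ROUNDS = 200_000


def hash_admin_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store the admin password as salted PBKDF2-SHA256 (hashed-password mode)."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_admin_password(password: str, stored: str) -> bool:
    """Constant-time check of a candidate against the stored hash record."""
    _algo, rounds, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def provision_virtual_server(admin_password: str, keep_in_sync: bool) -> dict:
    """Return the credential record for a new virtual server.

    keep_in_sync=True models the 'Keep MySQL and administration passwords in
    sync' template option; keep_in_sync=False models hashed-password mode,
    where the MySQL password is generated randomly and never derived from the
    admin password.
    """
    if keep_in_sync:
        db_password = admin_password
    else:
        db_password = secrets.token_urlsafe(24)  # 32 URL-safe characters
    return {
        "admin_hash": hash_admin_password(admin_password),
        # This value is what a site's database config file would contain, i.e.
        # what a file-read bug in a PHP application would expose.
        "db_password": db_password,
    }


def audit_credentials(record: dict) -> List[str]:
    """Flag a record whose database password would also unlock the admin account."""
    findings = []
    if verify_admin_password(record["db_password"], record["admin_hash"]):
        findings.append("database password equals administration password")
    if len(record["db_password"]) < 16:
        findings.append("database password shorter than 16 characters")
    return findings


if __name__ == "__main__":
    synced = provision_virtual_server("Correct-Horse-Battery", keep_in_sync=True)
    independent = provision_virtual_server("Correct-Horse-Battery", keep_in_sync=False)
    print("synced:", audit_credentials(synced))
    print("independent:", audit_credentials(independent))
```

The audit only needs the hash of the administration password, so it can be run against provisioning records without ever handling the admin password in the clear; a finding means that disclosure of the site's database configuration would be equivalent to disclosure of the server owner's login.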