
Aziz

#25981 of 53,622
9.8 Total CVSS
Vulnerabilities · 1
PT-2025-33731
9.8
2025-08-19
Unknown · Plesk Obsidian · CVE-2025-54336
**Name of the Vulnerable Software and Affected Versions:** Plesk Obsidian version 18.0.70

**Description:** The `isAdminPasswordValid` function in Plesk Obsidian uses a weak comparison (`==`), which allows an attacker to bypass the administrator password if the correct password is in the format "0e" followed by any digit string. An attacker can then log in using any string that evaluates to 0.0, such as "0e0". This issue is located in the `admin/plib/LoginManager.php` file. Approximately 11.6 million services are estimated to be affected worldwide.

**Recommendations:** Plesk Obsidian version 18.0.70: Update to a newer version that addresses this authentication bypass issue. As a temporary workaround, consider restricting access to the `admin/plib/LoginManager.php` file until a patch is available.
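The comparison behaviour named in the description, shown beside a strict replacement and an audit check for affected stored values. This is an added example, not code from Plesk or from the original entry: the function names `isAdminPasswordValidLoose`, `isAdminPasswordValidStrict` and `isJugglingProne` are hypothetical, and the stored password is a constructed sample.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the weak check described in the entry (not Plesk's code).
function isAdminPasswordValidLoose(string $supplied, string $stored): bool
{
    // When both operands are numeric strings, PHP's == compares them as numbers.
    // "0e<digits>" is scientific notation for zero, so any other numeric string
    // that also evaluates to 0.0 is treated as equal to it.
    return $supplied == $stored;
}

// Hardened form: byte-for-byte, constant-time comparison with no type juggling.
function isAdminPasswordValidStrict(string $supplied, string $stored): bool
{
    return hash_equals($stored, $supplied);
}

// Audit helper (assumption: secrets are available as strings for review).
// Flags values in the format the entry describes: "0e" followed by digits only.
function isJugglingProne(string $stored): bool
{
    return preg_match('/\A0e\d+\z/', $stored) === 1;
}

// Constructed sample data, not taken from any real system.
$stored = '0e462097431906509';
$attempts = ['0e0', 'wrong-password', $stored];

printf("stored value prone to numeric comparison: %s\n",
    var_export(isJugglingProne($stored), true));

foreach ($attempts as $attempt) {
    printf(
        "%-20s loose=%-5s strict=%s\n",
        $attempt,
        var_export(isAdminPasswordValidLoose($attempt, $stored), true),
        var_export(isAdminPasswordValidStrict($attempt, $stored), true)
    );
}
```

Running it with the PHP CLI prints one row per attempt, so the rows where the loose and strict columns disagree are the inputs the weak comparison wrongly accepts.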