How can I prevent Virtualmin from storing passwords in cleartext? [closed]

security password

I am really surprised at this behavior. In Virtualmin, I can see the password for any SSH user by clicking the "(Show..)" link next to the "Password ( ) Leave unchanged" option in a variety of locations. I have found that the passwords for all users including users with SSH access are stored in cleartext files in /etc/webmin/... This seems like an unnecessary risk! How can I prevent Virtualmin from storing passwords in this manner?


The last release of Virtualmin (3.88.gpl) has the feature "Hashed password storage"

So it's now possible:

Hashed password storage

Storage of plaintext passwords for virtual servers and mailboxes can now be disabled on a per-template basis. Virtualmin will instead store only hashed passwords in multiple formats, which prevents passwords from being compromised if the system is hacked. This feature should ideally be enabled before any virtual servers have been created.

Related

lsync, unison or some other inotify auto-syncing tool..?
How do I use robocopy to list all files over a certain size recursively?
Secondary IP (eth0:0) acts like main server IP
Ubuntu full disc encryption on Hetzner Cloud adding add static route in initramfs
Why isn't my public key allowing me to sign in without a password?
Finding out what causes CLOSE_WAIT connections with Apache & PHP & Mysql
Setting up Redmine With the Bitnami stack installer on Windows Server 2003
How do I pipe commands together in a debian preseed file?
Security issue on Nginx, PHP & fastcgi_split_path_info
Is Tomcat vulnerable to the Apache DoS vulnerability in CVE-2011-3192?
Redirect browser based on non-negotiable SSL/TLS protocol or cipher
(Ubuntu) setuid bash doesn't work