5

Security bug in cPanel login

view full story
linux-howto

http://forums.cpanel.net – Hi, turns out this is probably the easiest way to report a problem... You have (what I'd consider) a security bug in your cPanel login system. On a reseller account (for example) if a user has the same password as the administrator then even if the user logs into their site with their username and their password (which happens to be the same as the admin) then they get logged in as the admin! = Not good!! James (HowTos)

Danial's picture
Submitted by Danial on 05/23/2012 – Made popular on 05/23/2012

Stories similar to Security bug in cPanel login

Hello,

We have a reseller on our server, which for a long time now have only used the reseller-part of his account. Now he wanted his own site moved to his reseller account, and I naturally just used his existing account, the reseller account, to put the website on.

The website is working and accessible, however, he can not log into cPanel. He gave me his password, and I tried the followin

I am using ubuntu11.10 64 bit version . while checking the user account i have changed my admin user as an standard user. As aresult there is no more admin user. and here the problem begins . whereever authentication is needed it is asking for admin password .

I have Ubuntu 12.04 LTS installed and have read many articles on finding a way to change the admin password as i forgot it after installing it a while ago. I have 2 users on this comp which i know the pass to 1 but the admin 1st user i can no longer get into. I have tried many ways like going through grub, root and trying to unmount.

Since upgrading from Ubuntu 11.04 to 11.10, switching from one logged-in account to another by choosing a user from the list in the menu does not require a password.

WHM cPanel and CPU 44 weeks 1 day ago

I am a website Administrator new to WHM and cPanel management.

The problem I have is CPU.

I have the same problem on a Server that I am Admin on and a Server where I am a Client. Both Servers set CPU limits to 10%.

I will start with the Server where I am a Client to give you an Example.

My account was Terminated for using 100% CPU over 5 hours. The information was taken from the WHM

Does Screen OS support password policy to enforce the admin or user password change on a periodic basis

As per the current implementation for the password policy, Screen OS only supports to enforce a minimum length and a complexity scheme for administrator (admin) and authenticated (auth) user passwords. How ever there are companys who require the firewall to enforce a admin or user password cha

Environment: Windows 2003 AD Host: Windows 7 Pro VMWare Guest: Windows XP

I use a normal user but I also have AD Admin rights (via another user).

I use my AD account to login on the host as well on the aforementioned guest system. They don't share their profiles, so no problems here.

I had reason to change my user (AD) password.

Received via email, an obvious phishing scam. Wanted to make Cpanel and others aware, as it resembled the infamous "your account is over quota" one from "your email administrator" that was being passed around recently.

system administrator needed 18 weeks 1 day ago

Hi all,

I'm looking for a new sys admin partner. We have a couple of dozen Cpanel servers and occasionally we need the help of a Cpanel sys admin.

Typical tasks: - General Linux problems - Crashed database recovery - Security issues - ...

Basically all the stuff that isn't included in Cpanel's support.

We need remote hands on and we need to be able to contact you 24/7.