LinkBack URL
About LinkBacks
Password Change sent in Plain Text ?
I just did a password change of a cpanel account (via cPanel) and noticed the following in the daily logwatch email.
The actual new password was where I've replaced the text with 'mynewpassword'.
Should this be happening? This password is esentially now in my logs in plaintext !?
Code:--------------------- Connections (secure-log) Begin ------------------------ **Unmatched Entries** Cp-Wrap[14603]: Pushing "511 CHECKDOMAINIPFORSSL myurl.com " to '/usr/local/cpanel/bin/ssladmin' for UID: 511 Cp-Wrap[24439]: Pushing "511 LISTDBSWITHSPACE " to '/usr/local/cpanel/bin/mysqladmin' for UID: 511 Cp-Wrap[24555]: Pushing "511 REFRESH 0 0 " to '/usr/local/cpanel/bin/ftpadmin' for UID: 511 Cp-Wrap[24560]: Pushing "511 UPDATEPRIVS " to '/usr/local/cpanel/bin/mysqladmin' for UID: 511 Cp-Wrap[24564]: Pushing "511 CHANGEPASSWD mynewpassword" to '/usr/local/cpanel/bin/securityadmin' for UID: 511 Cp-Wrap[24578]: Pushing "511 LISTSTORE 0 0 " to '/usr/local/cpanel/bin/ftpadmin' for UID: 511 11326 Ignored Lines ---------------------- Connections (secure-log) End -------------------------
Reply With Quote
