User password the same as root issue
Hi all,
I have Cpanel installed on a VPS. Yesterday I created a new account which used the same password as the rooter user. When I then logged into the account, I had the drop down at the top of the homepage showing all accounts on the server.
I changed the password for the user, logged out and back in again, and everything was back to normal.
I thought this was strange and wondered if this might be a bug?
I should probably also notify my hosting company.
Fairly sure that's a feature. Easy fix: don't have the passwords the same. :P
a feature, surely its a security risk?Originally Posted by brianoz
If you think about it, you'll realize it's not a security risk. Simply use a secure password for root and you're fine.
I see your thoughts of what if a user happens to use the same password as root
which is why root passwords should really be VERY long and VERY complex
like R545VD!sdcdm)(k??>
This has been a feature of cPanel for awhile iirc, however you can disable it in WHM under Tweak Settings. I believe the setting is called "disable login to accounts using root/reseller password" or something like that.
Most of the time I leave it enabled though because at times it is nice to not have to ask for a user's password, or reset it. My root passwords are normally 64 characters though, so I don't worry about someone having the same pass as it is highly unlikely.
Last edited by Voltar; 12-18-2008 at 01:52 PM. Reason: Typo...
my point exactly
LinkBack URL
About LinkBacks
Reply With Quote