The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Case 46864] Webmail Security Policy Manager - Missing passbar directory

Discussion in 'Security' started by sparek-3, Feb 4, 2011.

  1. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    There seem to be some problems with the Security Policy Manager for Webmail using the latest Release of cPanel.

    I am noting this error in the build:

    11.28.76-RELEASE_51149

    From the access_log it looks like the passbar directory is missing.

    /usr/local/cpanel/base/unprotected/passbar

    appears to be a missing symlink.

    I am not sure where the passbar directory is suppose to come from. I have fixed the issue by:

    Code:
    cd /usr/local/cpanel/whostmgr/docroot/
    ln -s ../../base/frontend/x3/passbar ./
    This is grabbing the passbar directory from the x3 theme directory. I'm not sure if that is where the data is suppose to come from or not.

    Anybody else noticing this error?

    To duplicate, create a mail account and set the password for the mail account to a weak password (you may have to temporarily disable password strength to do this, but then re-enable it). Then log into webmail for the account using the weak password. You should be prompted that your password is too weak. But the Generate Password button will not work and the password will not change. Once the passbar symlink is working, this page seems to work.
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Thank you. I filed a case on this, which is assigned #46864.
     
  3. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    This also does not work for reseller's WHMs. The security policy page, after submitting complains:

    Code:
    failed: missing arguments current_password
    I am not sure where this bit of code is, or what to change.

    To duplicate this, set a reseller's password to a weak password, then log into that reseller's WHM. You'll get the security policy page asking them to reset their password, but you won't be able to change the password.

    It looks like the whole Password Strength Security Policy system needs to be audited and made sure that every aspect works.
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Case 46864 was resolved in the initial builds of version 11.30. To see if 11.30 has reached your update tier yet, visit Downloads - cPanel Inc.
     
Loading...

Share This Page