The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Change Password has important issues

Discussion in 'General Discussion' started by DJMaze2, Jun 14, 2005.

  1. DJMaze2

    DJMaze2 Registered

    Jun 10, 2005
    Likes Received:
    Trophy Points:
    cPanel 10.2.0-R82
    RedHat 9 i686

    If someone logs into his cPanel account and changes his password (http://domain:2082/frontend/x/passwd/index.html) then only the password of the account is changed.

    Services like FTP, Mail, MySQL, etc. don't get synchronized in any way unless the owner of the server changes the password thru WHM.

    I think this is a huge issue if someone his account is hacked and is used for mail spam, ftp warez or http replacement.
    Because if someone is hacked and changes his password afterwards, the "hacker" could still access the website in many ways with the old password.

    In my opinion the "change password" feature should be fixed in one of the following ways:

    a. run the sync commands
    b. remove completely (and force custom ftp, sql, mail login accounts to prevent overall damage)
    c. replace by: commit to server owner a "change password" request
    d. suspend account untill the 'root' has synced the services
    #1 DJMaze2, Jun 14, 2005
    Last edited: Jun 14, 2005
  2. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    Likes Received:
    Trophy Points:
    Go on, have a guess
    You should log it in bugzilla if it's a reproducable bug, if it doesn't already exists there.

Share This Page