In Progress CPANEL-40668 - Case sensitivity for usernames in webmail password reset

LoadFactor

Please tell me this is a bug (v102.0.16):

We've got a bunch of users set up with alternate emails so they can reset their mail passwords. If user [email protected] has [email protected] for a recovery address and puts in [email protected] for his email, the correct obscured recovery address hint comes up like [email protected]. Nice. Really saves on support.

However, if the user enters [email protected], the recovery address is randomly generated like [email protected] and clearly invalid. Generates many trivial support tickets. Not nice.

Surely the user's email should be mapped to lowercase before looking for a recovery address?
 
Last edited by a moderator:
  • Like
Reactions: Spirogg

keat63

A great question, one which deserves looking at in detail, so I'd like to bounce.

Why would cPanel convert Abc to p-9?
Clearly something isn't right.

If the cPanel guys don't come back with an answer, maybe a support request might be in order.
 
  • Like
Reactions: Spirogg

LoadFactor

> Why would cPanel convert Abc to p-9?
> Clearly something isn't right.

It's a security thing. Since the provided email [incorrectly] doesn't match a valid email, cPanel is providing a bogus hint. It's basically random. That way someone phishing for a valid address gains no information from the attempt.
 
  • Like
Reactions: cPRex
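
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not cPanel's code: a password-reset hint lookup that returns a decoy for unknown addresses, with and without case folding of the submitted address. The addresses, the key, the masking format and the HMAC-derived decoy are all assumptions made for illustration, as is treating the whole address as case-insensitive.

```python
import hashlib
import hmac

# Constructed sample data; the addresses and key are placeholders.
RECOVERY = {"alice@example.com": "alice.home@example.net"}
DECOY_KEY = b"constructed-server-side-secret"


def normalize(address: str) -> str:
    """Case-fold the address so 'Alice@Example.com' finds the stored record."""
    return address.strip().lower()


def mask(address: str) -> str:
    """Keep the first character of the local part and host, hide the rest."""
    local, _, domain = address.partition("@")
    host, _, tld = domain.rpartition(".")
    return f"{local[:1]}***@{host[:1]}***.{tld}"


def decoy(key: str) -> str:
    """Derive a fake hint from the input with a keyed hash (assumption), so an
    unknown address gets a plausible answer that is stable across retries."""
    digest = hmac.new(DECOY_KEY, key.encode(), hashlib.sha256).hexdigest()
    return mask(f"{digest[:6]}@{digest[6:12]}.com")


def recovery_hint(submitted: str, fold_case: bool = True) -> str:
    """Return a masked hint: the real one for a known account, a decoy otherwise.

    fold_case=False reproduces the reported behaviour: a valid address typed
    with different capitalisation misses the lookup and gets a decoy.
    """
    key = normalize(submitted) if fold_case else submitted.strip()
    recovery = RECOVERY.get(key)
    return mask(recovery) if recovery else decoy(normalize(submitted))


if __name__ == "__main__":
    for addr in ("alice@example.com", "Alice@Example.com", "nobody@example.com"):
        print(addr, "strict:", recovery_hint(addr, fold_case=False),
              "folded:", recovery_hint(addr))
```

Folding case before the lookup does not weaken the anti-enumeration property: unknown addresses still receive a decoy, and only legitimate users who capitalised their own address differently stop seeing one.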