In Progress CPANEL-40703 - Security Questions not "compatible" with Reseller accounts ?

[nlaruelle]

Hello all!

To be able to protect my WHM and my cPanel login pages, I am using for long time the Security Policy with Security Questions.

Without that, I feel like my WHM root login page is… naked.

Today, I have open one server to my first cPanel Reseller.

He is owner of several cPanel accounts. But we can not find any way for a reseller to connect to the cPanel accounts of his customers without the security questions, exactly like we are able to do as root. Why not, because he his the owner!

My customer (the reseller) can not works with his clients because he can not guess the secrets personal security questions & answers of his end-users.

Resellers must be able to connect to the cPanel accounts of his customers… Even to reset the security questions of his customers!
And of course for all the daily tasks a reseller have to do with his cPanel users.

I cannot ask to a Reseller to ask the answers of the security questions of his users…

Do I have to understand that Security Questions are Not Compatible with a Reseller Business… ?

thanks

 

[cPRex]

Hey there! To test this, I did the following:

-created a reseller
-created a cPanel account
-ensured the cPanel account was owned by the reseller
-as root, went to WHM >> Configure Security Policies and ensured that "Limit logins to verified IP addresses" was selected
-tried to login to cPanel as the cPanel end-user and confirmed I received the security questions popup
-access WHM as the reseller
-went to List Accounts
-clicked the cPanel icon, and I was able to access the account without answering any of the security questions

I'm wondering if this is due to a certain limit in the WHM >> Reseller Center settings, but I wasn't able to reproduce this even when only the basic "Initial Privileges" section was all that remained.

At this point I'm not able to reproduce that particular issue, but you could always submit a ticket to our team so we can check the problem on your server directly.

 

[nlaruelle]

Hello cPRex, thanks for your answer that I solved my issue (will tell you why).
I was sure you where my last hope to fix this potentiel "lack" ^^

> tried to login to cPanel as the cPanel end-user and confirmed I received the security questions popup

Before, I guessed you tried to connect without initially set the Security Answers with the End-User (?) I mean, first connect as the Reseller ( Reseller Center > Reseller-WHM ), then trying to connect from the Reseller WHM to the End-User account where the Security Questions was settled.

But you took so much time to reproduce the issue that I did again and again all my morning till finding the Issue & Solutions! See below folks.

> you could always submit a ticket

Yes! I've already opened a ticket #94448616

In fact, the cPanel Community asking to improve the Security Questions feature for about 10 years…

Enact security policies for specific users

As a Server Administrator, I want to enact security policies for specific users, so that I can control the level of security for each user type. 1. Enabl

features.cpanel.net

In Progress - CPANEL-40703 - Security Questions not "compatible" with Reseller accounts ?

Hello all! To be able to protect my WHM and my cPanel login pages, I am using for long time the Security Policy with Security Questions. Without that, I feel like my WHM root login page is… naked. Today, I have open one server to my first cPanel Reseller. He is owner of several cPanel...

forums.cpanel.net

Security Questions for root (WHM) only (and not cPanel users) ?

Hello and happy new year to all ! Security Questions & Verified IP are marvelous features, in addition to the possibility to change the SSH Port of each servers… a must ! With that, I feel now really secured about the root access of my servers. But, I just seen that Security Policy & Security...

forums.cpanel.net

Separate the Security Policies differently for WHM and cPanel logins

As a web-hosting provider I would like to enable Security Questions & IP Restriction for WHM (root) only and not final cPanel users necessarily so that Hos

features.cpanel.net

Security Questions only WHM

Security Questions only WHM Thanks Maison

features.cpanel.net

It's a long time request, because it is Mandatory for All Reseller Business who care about security of the WHM login page.

After exchanging several messages with the cPanel Support since last week and escalading my question to cPanel Level 3 specialist, here the answer I've got (I've bold myself some words) :

> There is no way to disable the Security Questions only for resellers, once enabled this is enabled globally. I'd recommend having the Reseller create its own question and answers so that they can access their user accounts.

It supposed for the Reseller to SHARE his personal answers to the end-user…

"What's the name of the Reseller's pet?",
"Where the Reseller give his first kiss to his wife?",
or "What's the middle name of the Reseller mummy?"

(^^ not sure cPanel support will enjoy the joke)

Not a decent workaround.

But, again, cPRex, your answer (and the short list inside) help me to figure it out Where is the Issue and How to solve it.

Here the Causes & SOLUTION :

The problem happen only when you connect to the WHM Reseller Account FROM The Reseller Center ONLY !

I say again : From the Reseller Center !

If you are able to connect directly with the real Username and Password of the Reseller to 2087 (not from root, not from the Reseller Center)… and then in "List Accounts", Go to the Owned cPanel Account User (without reseller privileges)… then, NO Security Questions are asked !

Solution : not going from the Reseller Center, go to the real WHM Account directly 2087).

It was the behavior from the Reseller Center that is misleading about the final Reseller Experience. Here my Reseller (customer) was faced about the issue (and Questions) by connecting to the end-user cPanel from 2083 but I cannot guess it before.

Connection from Reseller Center should be best offering the same experience of the real WHM Reseller Connecter to avoid so much questioning

So again, thanks to cPRex for your precious help!

Can marked as SOLVED to help future lost people like me.

 

[nlaruelle]

Update!!

If the Reseller connect to WHM from his WHMCS client area (through cPanel Single Sign-On) he does have the Security Questions !

Hope that help.

 

[cPRex]

Thanks for the detailed reply. There isn't much we can do about the WHMCS side of things on our side, but we may be able to improve this behavior that you're experiencing.

I did confirm that logging in as the Reseller to WHM and then opening cPanel from List Accounts works well, but root >> Reseller Center >> Reseller User WHM Access >> List Accounts >> cPanel does not, so there is likely a difference in the way that session is being handled.

I've created case CPANEL-40703 for our developers to look into this behavior. Once I do hear an update from them I'll be sure to post here again.

 

[nlaruelle]

For sure, WHMCS, never mind. The purpose is to have at least one way to connect. We are not so hungry.

> but root >> Reseller Center >> Reseller User WHM Access >> List Accounts >> cPanel does not

So glad if I was able to help for something with this secret glitch

Thanks again cPRex for reading carefully all our support request in the place.

 

[cPRex]

You're very welcome!!