In Progress CPANEL-40703 - Security Questions not "compatible" with Reseller accounts ?

nlaruelle

Active Member
Sep 4, 2017
38
16
58
Belgium
cPanel Access Level
Website Owner
Hello all!

To be able to protect my WHM and my cPanel login pages, I am using for long time the Security Policy with Security Questions.

Without that, I feel like my WHM root login page is… naked.

Today, I have open one server to my first cPanel Reseller.

He is owner of several cPanel accounts. But we can not find any way for a reseller to connect to the cPanel accounts of his customers without the security questions, exactly like we are able to do as root. Why not, because he his the owner!

My customer (the reseller) can not works with his clients because he can not guess the secrets personal security questions & answers of his end-users.

Resellers must be able to connect to the cPanel accounts of his customersEven to reset the security questions of his customers!
And of course for all the daily tasks a reseller have to do with his cPanel users.

I cannot ask to a Reseller to ask the answers of the security questions of his users… :-D

Do I have to understand that Security Questions are Not Compatible with a Reseller Business… ?

thanks
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,498
1,971
363
cPanel Access Level
Root Administrator
Hey there! To test this, I did the following:

-created a reseller
-created a cPanel account
-ensured the cPanel account was owned by the reseller
-as root, went to WHM >> Configure Security Policies and ensured that "Limit logins to verified IP addresses" was selected
-tried to login to cPanel as the cPanel end-user and confirmed I received the security questions popup
-access WHM as the reseller
-went to List Accounts
-clicked the cPanel icon, and I was able to access the account without answering any of the security questions

I'm wondering if this is due to a certain limit in the WHM >> Reseller Center settings, but I wasn't able to reproduce this even when only the basic "Initial Privileges" section was all that remained.

At this point I'm not able to reproduce that particular issue, but you could always submit a ticket to our team so we can check the problem on your server directly.
 
  • Like
Reactions: kodeslogic

nlaruelle

Active Member
Sep 4, 2017
38
16
58
Belgium
cPanel Access Level
Website Owner
Hello cPRex, thanks for your answer that I solved o_O my issue (will tell you why).
I was sure you where my last hope to fix this potentiel "lack" ^^

> tried to login to cPanel as the cPanel end-user and confirmed I received the security questions popup

Before, I guessed you tried to connect without initially set the Security Answers with the End-User (?) I mean, first connect as the Reseller ( Reseller Center > Reseller-WHM ), then trying to connect from the Reseller WHM to the End-User account where the Security Questions was settled.

But you took so much time to reproduce the issue that I did again and again all my morning till finding the Issue & Solutions! See below folks.

> you could always submit a ticket

Yes! I've already opened a ticket #94448616

In fact, the cPanel Community asking to improve the Security Questions feature for about 10 years…


It's a long time request, because it is Mandatory for All Reseller Business who care about security of the WHM login page.

After exchanging several messages with the cPanel Support since last week and escalading my question to cPanel Level 3 specialist, here the answer I've got (I've bold myself some words) :

> There is no way to disable the Security Questions only for resellers, once enabled this is enabled globally. I'd recommend having the Reseller create its own question and answers so that they can access their user accounts.

It supposed for the Reseller to SHARE his personal answers to the end-user…

"What's the name of the Reseller's pet?",
"Where the Reseller give his first kiss to his wife?"
,
or "What's the middle name of the Reseller mummy?"

(^^ not sure cPanel support will enjoy the joke)

Not a decent workaround.

But, again, cPRex, your answer (and the short list inside) help me to figure it out Where is the Issue and How to solve it.

Here the Causes & SOLUTION :


The problem happen only when you connect to the WHM Reseller Account FROM The Reseller Center ONLY !

I say again : From the Reseller Center !

If you are able to connect directly with the real Username and Password of the Reseller to 2087 (not from root, not from the Reseller Center)… and then in "List Accounts", Go to the Owned cPanel Account User (without reseller privileges)… then, NO Security Questions are asked !

Solution : not going from the Reseller Center, go to the real WHM Account directly :)2087).

It was the behavior from the Reseller Center that is misleading about the final Reseller Experience. Here my Reseller (customer) was faced about the issue (and Questions) by connecting to the end-user cPanel from 2083 but I cannot guess it before.

Connection from Reseller Center should be best offering the same experience of the real WHM Reseller Connecter to avoid so much questioning :)

So again, thanks to cPRex for your precious help!

Can marked as SOLVED to help future lost people like me.
 

nlaruelle

Active Member
Sep 4, 2017
38
16
58
Belgium
cPanel Access Level
Website Owner
Update!!

If the Reseller connect to WHM from his WHMCS client area (through cPanel Single Sign-On) he does have the Security Questions !

Hope that help.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,498
1,971
363
cPanel Access Level
Root Administrator
Thanks for the detailed reply. There isn't much we can do about the WHMCS side of things on our side, but we may be able to improve this behavior that you're experiencing.

I did confirm that logging in as the Reseller to WHM and then opening cPanel from List Accounts works well, but root >> Reseller Center >> Reseller User WHM Access >> List Accounts >> cPanel does not, so there is likely a difference in the way that session is being handled.

I've created case CPANEL-40703 for our developers to look into this behavior. Once I do hear an update from them I'll be sure to post here again.
 
  • Like
Reactions: nlaruelle

nlaruelle

Active Member
Sep 4, 2017
38
16
58
Belgium
cPanel Access Level
Website Owner
For sure, WHMCS, never mind. The purpose is to have at least one way to connect. We are not so hungry.

> but root >> Reseller Center >> Reseller User WHM Access >> List Accounts >> cPanel does not

So glad if I was able to help for something with this secret glitch :)

Thanks again cPRex for reading carefully all our support request in the place.
 
  • Like
Reactions: cPRex