cPanel File Manager $password bug

D

Daniel15

Well-Known Member
Oct 7, 2006
86
1
156
Palo Alto, CA (originally Melbourne, Australia)
cPanel Access Level
Website Owner
Twitter
Hi,
Recently, I was informed about an interesting bug in cPanel's File Manager. Basically, if you create a file with contents like the following:
Code: 
<?php
$password = "This is a test";
?>
using cPanel's File Manager, save the file, and then reopen it, the contents change to:
Code: 
<?php
[cPanel Password] = "This is a test"
?>
It appears that $password is being interpreted by cPanel as a placeholder for the user's cPanel password. I see this as a security risk, as someone could unknowingly save their password into a plaintext file which contains '$password'. I can confirm that this bug is present in version 10.9.0-RELEASE-34 of cPanel. However, it does not occur in the 10.8.2-RELEASE 119 release.

Original report: http://www.cwhnetworks.com/forums/index.php?showtopic=4107
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
spaceman In Progress CPANEL-43121 - File downloads from cPanel's File Manager are weirdly slow File Management 10
H Removing PHP Junk Files Permanently from GoDaddy cPanel File Manager File Management 2
K In Progress CPANEL-39589 - [File Manager] Path error File Management 12
N Set the default directory opened with the File Manager (.cpanel/nvdata/defaultdir) File Management 1
M Can't do anything in Cpanel while file manager downloads File Management 2
Similar threads
In Progress CPANEL-43121 - File downloads from cPanel's File Manager are weirdly slow
Removing PHP Junk Files Permanently from GoDaddy cPanel File Manager
In Progress CPANEL-39589 - [File Manager] Path error
Set the default directory opened with the File Manager (.cpanel/nvdata/defaultdir)
Can't do anything in Cpanel while file manager downloads
Top Bottom