cPanel File Manager $password bug

D

Daniel15

Well-Known Member
Oct 7, 2006
86
1
156
Palo Alto, CA (originally Melbourne, Australia)
cPanel Access Level
Website Owner
Twitter
Hi,
Recently, I was informed about an interesting bug in cPanel's File Manager. Basically, if you create a file with contents like the following:
Code: 
<?php
$password = "This is a test";
?>
using cPanel's File Manager, save the file, and then reopen it, the contents change to:
Code: 
<?php
[cPanel Password] = "This is a test"
?>
It appears that $password is being interpreted by cPanel as a placeholder for the user's cPanel password. I see this as a security risk, as someone could unknowingly save their password into a plaintext file which contains '$password'. I can confirm that this bug is present in version 10.9.0-RELEASE-34 of cPanel. However, it does not occur in the 10.8.2-RELEASE 119 release.

Original report: http://www.cwhnetworks.com/forums/index.php?showtopic=4107
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
N Set the default directory opened with the File Manager (.cpanel/nvdata/defaultdir) File Management 1
M Can't do anything in Cpanel while file manager downloads File Management 2
M In Progress CPANEL-38154 - Error when saving file in File Manager. Request is too long (length is 94211, maximum length is 65535) File Management 1
V cPanel filemanager uploads dead slow File Management 6
S Terminal and greylist in whm and filemanager in cpanel are blank page File Management 3
Similar threads
Set the default directory opened with the File Manager (.cpanel/nvdata/defaultdir)
Can't do anything in Cpanel while file manager downloads
In Progress CPANEL-38154 - Error when saving file in File Manager. Request is too long (length is 94211, maximum length is 65535)
cPanel filemanager uploads dead slow
Terminal and greylist in whm and filemanager in cpanel are blank page
Top Bottom