The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel File Manager $password bug

Discussion in 'General Discussion' started by Daniel15, Oct 7, 2006.

  1. Daniel15

    Daniel15 Well-Known Member

    Joined:
    Oct 7, 2006
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Hi,
    Recently, I was informed about an interesting bug in cPanel's File Manager. Basically, if you create a file with contents like the following:
    Code:
    <?php
    $password = "This is a test";
    ?>
    
    using cPanel's File Manager, save the file, and then reopen it, the contents change to:
    Code:
    <?php
    [cPanel Password] = "This is a test"
    ?>
    
    It appears that $password is being interpreted by cPanel as a placeholder for the user's cPanel password. I see this as a security risk, as someone could unknowingly save their password into a plaintext file which contains '$password'. I can confirm that this bug is present in version 10.9.0-RELEASE-34 of cPanel. However, it does not occur in the 10.8.2-RELEASE 119 release.

    Original report: http://www.cwhnetworks.com/forums/index.php?showtopic=4107
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You should report the problem to cPanel by creating a bugzilla entry.
     
  3. Daniel15

    Daniel15 Well-Known Member

    Joined:
    Oct 7, 2006
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page