cpanel login, Password Length

Discussion in 'Security' started by Vang, Jun 20, 2010.

  1. Vang

    Vang Registered

    Hi,
    I have a client with 2 accounts whose passwords are:
    The 1st is 15 chars long and
    the 2nd is 9 chars long.
    The first 9 chars are the same in both passwords.
    For example,
    the 1st password, for account user1, let's say is: 012345678901234
    and the 2nd password, for account user2, is: 012345678
    That means:
    Username: user1
    Password: 012345678
    successfully logs in!!!

    When trying to log in as user1 (which has the 15-char password),
    if he enters the user2 password (the 9-char one) he successfully logs in.

    How can I prevent this from happening?

    Thanks in advance
     
  2. brookerrj

    brookerrj Registered

    Same thing here

    This situation can't be right.
    Anyone have any suggestions?
     
  3. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Please check in your /etc/pam.d/system-auth for this line (or it might be slightly different for the path to pam_unix.so on your system but the line should be similar):

    Code:
    password sufficient pam_unix.so try_first_pass use_authtok nullok
    If it is missing the md5 in that line, it will then allow weaker passwords of only 8 characters. You can fix it by changing the line to have md5 in it (please only append md5 to the end of the line, do not change any other part of the line as it appears on your machine):

    Code:
    password sufficient pam_unix.so try_first_pass use_authtok nullok md5
     
    Infopro likes this.
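
An added example (not part of the thread and not cPanel's own tooling): a Python audit that reports which hash option each `password ... pam_unix.so` line carries and which shadow entries still hold a 13-character traditional DES hash, the format in which only the first 8 password characters are checked. The function names are hypothetical, the sample file contents and hashes are constructed, and the option list and the reading "no option means DES" are assumptions that match the reply above.

```python
import re

# pam_unix options that select a hash other than traditional DES crypt (assumed list).
HASH_OPTS = {"md5", "bigcrypt", "sha256", "sha512", "blowfish", "yescrypt"}
# Traditional DES crypt output: 2-char salt + 11-char hash, no "$id$" prefix.
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")

def pam_unix_hash_options(pam_text):
    """Return the hash options found on each 'password ... pam_unix.so' line."""
    results = []
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].lstrip("-") != "password":
            continue
        # The path to pam_unix.so varies by system, so match on the file name.
        idx = next((i for i, f in enumerate(fields) if f.endswith("pam_unix.so")), None)
        if idx is not None:
            results.append(sorted(HASH_OPTS.intersection(fields[idx + 1:])))
    return results

def des_accounts(shadow_text):
    """Return users whose stored hash is traditional DES (first 8 chars only)."""
    users = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and DES_HASH.match(parts[1]):
            users.append(parts[0])
    return users

# Constructed sample input; the hashes are made-up strings of the right shape.
SAMPLE_PAM = """\
auth     sufficient pam_unix.so nullok try_first_pass
password sufficient pam_unix.so try_first_pass use_authtok nullok
"""
SAMPLE_PAM_FIXED = SAMPLE_PAM.rstrip("\n") + " md5\n"
SAMPLE_SHADOW = """\
user1:abJnggxhB/yWI:14780:0:99999:7:::
user2:$1$saltsalt$0123456789abcdefghijkl:14780:0:99999:7:::
locked:!!:14780:0:99999:7:::
"""

if __name__ == "__main__":
    for opts in pam_unix_hash_options(SAMPLE_PAM):
        print("pam_unix password line:", opts or "no hash option (DES fallback assumed)")
    print("accounts still on DES hashes:", des_accounts(SAMPLE_SHADOW))
```

The `password` line only governs how a password is hashed when it is next set, so an account that `des_accounts` still lists keeps its 8-character behaviour until its password is changed again.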