The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel login, security issue

Discussion in 'Security' started by tuxfan, Oct 1, 2006.

  1. tuxfan

    tuxfan Member

    Joined:
    Oct 1, 2006
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    between chair and keyboard
    If a user goes to hisdomain.com/cpanel, he is prompted for a username and a password. But simply entering a password takes him into cPanel, even if the username is left blank.

    Does this not reduce the security by 50%? :eek:

    I always try to make a somewhat un-common usernames for my cPanel accounts. But that seems useless after I discovered this bug (or feature?). Any solution to this?
     
  2. randomuser

    randomuser Well-Known Member

    Joined:
    Jun 25, 2005
    Messages:
    147
    Likes Received:
    0
    Trophy Points:
    16
    After a few us of bitched long enough about this stupid "feature" it has finally been dealt with, just not in STABLE yet, perhaps not in RELASE as well. It's not a bug, hard to believe I know.
     
  3. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    To get around this for now:

    tweak settings > whm > system
    check the two boxes:
    Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.
    When visiting /cpanel or /whm or /webmail with ssl redirect to the servers hostname.

    When you are forced to the login from the host name location, cpanel is no longer associated with a users name, thus they have to know what user name is as well as the password.

    And of course for added security, you can force clients to use something other than the assumed user name that cpanel generates from the domain name.
    If you have resellers, then oh well... their host provider domain will be revealed.
     
Loading...

Share This Page