cpanel.net SECURITY WARNING- URGENT

Discussion in 'Security' started by cyberwisdom, Feb 6, 2004.

  1. cyberwisdom

    I recently tried to submit a trouble-ticket on the cpanel.net website and was unable to really send much because it was not using SSL.

    If you are going to submit any information to them, don't give sensitive information, especially passwords and logins.

    I've asked them to enable SSL on that page; they haven't yet.

    I can't believe cPanel out of all companies would leave such a hole for people to get hacked.

    Check it out for yourself:
    http://cpanel.net/support/index.htm
     
  2. cyberwisdom

    This is their response:
     
  3. rsaylor

    The bottom line: if you want their support, just do what they say. How hard is it to call them if it resolves the problem? I can understand the SSL, but if you have a problem and they are trying to help, phone support is probably a better option anyhow.
     
  4. cyberwisdom

    Yeah, I called them. But they don't provide tech support over the phone. That's what I was told. It's only to leave the details.

    Regardless I know for sure some people are submitting passwords and login details on there. They even ask you for detailed steps on how to reproduce the problem.
     
  5. Website Rob

    I would also agree that this is a security flaw. Probably an oversight on DarkOrb's part, but now that they are aware of it there should be no reason why they do not correct it.

    It's one of the reasons why I will not give detailed information and defeats the purpose of the submission form.
     
  6. Juanra

    Suggestion: you open the ticket, wait for the automatic ack message, look at the https link and post whatever details they need, securely.
     
  7. cyberwisdom

    Yeah I saw that. But still many people won't know that and will still submit sensitive info on the first try.

    What bothers me is that when I told them about it, they said to call instead of "oops, sorry we'll fix it."

    God knows when they'll fix it. For all we know someone is already sniffing all the packets going to them from that page. Especially since the issue is now public.
     