Hello! I have a problem with the cPanel root password. I didn't check how auth for other accounts behaves, but... my cPanel (CentOS 5.5 x86_64) does not accept any password longer than 8 characters?!
How do I know that? Because I had set my root password about 15 characters long. OK, then one day I mistyped it (felt it under my fingers when typing) but the system still let me log in! WTF?
Then I investigated: I need to input only the first 8 characters correctly, everything after them can be a total mess, and the system still logs me in. In fact, I can type only the first 8 characters of the password and nothing more, and that's enough to log in.
I tried to change the root pass, and if I set it shorter than 8 chars, no combination except the correct one logs me in. If I set anything longer than 8 chars, every combination with 8 chars or longer lets me in, provided that the first 8 are correct.
I concluded that when I change my root password, the system accepts only the first 8 chars and discards everything that follows. It does the same when interpreting my pass during login - takes the first 8 chars and discards everything following? This is the only explanation I can make from my findings...
What now? Hacked system? It does not look like that to me. There is no evidence of any intruder activity that I can tell. I tried the same procedure on other CentOS 5.5 boxes I have - no issues. I don't have another cPanel to try.
All that is via ssh...
I really need some advice.
Thanks.
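The symptom described in the post above matches the behaviour of traditional DES crypt(3) hashing, which uses only the first 8 characters of a password. The following is an added example, not part of the original post: a shell check that classifies the hash scheme of each entry in shadow-format input and lists the accounts stored as DES crypt. The function names are hypothetical and the sample lines are constructed placeholders, not real hashes.

```shell
#!/bin/sh
# Added example: classify the hash scheme of shadow-format entries.
# Function names are hypothetical; sample data below is constructed.

classify_hash() {
    case "$1" in
        '')             echo "empty" ;;
        '!'*|'*'*)      echo "locked" ;;
        '$1$'*)         echo "md5crypt" ;;
        '$2'[abxy]'$'*) echo "bcrypt" ;;
        '$5$'*)         echo "sha256crypt" ;;
        '$6$'*)         echo "sha512crypt" ;;
        *)
            # Traditional DES crypt: exactly 13 chars from [./0-9A-Za-z],
            # no '$' prefix. Only the first 8 password characters are hashed.
            if [ "${#1}" -eq 13 ] && ! printf '%s' "$1" | grep -q '[^./0-9A-Za-z]'; then
                echo "des-crypt-8char"
            else
                echo "unknown"
            fi ;;
    esac
}

# Read shadow-format lines on stdin, print "user scheme" per entry.
audit_shadow() {
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(classify_hash "$hash")"
    done
}

# Print only the accounts whose passwords are truncated at 8 characters.
truncating_users() {
    audit_shadow | awk '$2 == "des-crypt-8char" { print $1 }'
}

# Constructed sample input (placeholder hash strings).
sample_shadow() {
    cat <<'EOF'
root:ab0123456789.:14900:0:99999:7:::
alice:$1$CONSTRUC$0123456789abcdefghijkl:14900:0:99999:7:::
bob:$6$CONSTRUCTED$placeholderhash:14900:0:99999:7:::
daemon:*:14900:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
```

On a live system, run `audit_shadow < /etc/shadow` as root; a password has to be set again after the hashing scheme is changed before its stored hash changes.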