Cpanel password maximum 8 characters?!?

coldplug

Member
Oct 26, 2009
6
0
51
Hello! I have problem with cpanel root password. Didn't check how auth for other accounts behave, but... my Cpanel (Centos 5.5 x86_64) does not accept any password longer than 8 characters?!

How I know that? Because I had set my root password about 15 characters long. OK then one day I failed in typing (felt that under fingers when typing) but system still let me logged in! WTF? :eek:

Then I investigated, I need to input only first 8 characters correct, everything behind can be totally mess, system still log me in. In fact, I can only type first 8 characters off password and nothing more, that's enough to log in. :confused:

I tried to change root pass, and if I set it shorter than 8 chars, no combination except correct one log me in. If I set anything longer than 8 chars, every combination with 8 chars or longer let me in, provided that first 8 are correct.

I concluded that when I change my root password, system accept only first 8 chars and discard everything that follow on. The same it does when interpreting my pass during logging - takes first 8 chars and discard everything following? This is the only explanation I can make from my findings...

What now? Hacked system? Does not look to me like that. There are no evidence of any intruder activity I can tell. I tried the same procedure on other Centos 5.5 boxes I have - no issues. I don't have another Cpanel to try.

All that is via ssh...

I really need an advice.

Thanks.
 
Last edited:

ldm

Registered
Sep 11, 2010
4
0
51
If you change the password through SSH to something longer, does the same issue remains ?

If so, then you need to configure your system to use MD5 passwords.
 
Last edited:

aapkapratik

Member
Oct 26, 2009
24
0
51
Hello,

If you wish to set password strength you can do it by accessing the following path in your WHM

Main >> Security Center >> Password Strength Configuration

Under Password Strength Configuration please try and configure

" Required Password Strength for System/cPanel Accounts ". It might prove helpful