The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel Security Problem - Lets you in with blank username

Discussion in 'Security' started by TySoft, Oct 21, 2005.

  1. TySoft

    TySoft Member

    Joined:
    Aug 21, 2003
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I've discovered what I perceive as a bit of a security problem. If I cPanel to http://www.cpaneldomain.com:2082, I can log in with the account's password and a blank username.

    Any idea why this is happening and how to correct it? Seeing this on 10.8.0 R58.

    Thanks!
     
  2. Izzee

    Izzee Well-Known Member

    Joined:
    Feb 6, 2004
    Messages:
    469
    Likes Received:
    0
    Trophy Points:
    16
    WHM 10.8.0 cPanel 10.8.0-E84
    RedHat 9 i686 - WHM X v3.1.0

    I can confirm this is infact the case.
    domainname.tld:2082 - no user name required just password :rolleyes:

    Has this always been like this?
    Until TySoft's post I had never tried it?

    Perhaps a bug report for this might be in order.

    Just upgraded to latest edge and no change to report.
    WHM 10.8.0 cPanel 10.8.1-E2
    RedHat 9 i686 - WHM X v3.1.0
     
    #2 Izzee, Oct 21, 2005
    Last edited: Oct 21, 2005
  3. binaer

    binaer Well-Known Member

    Joined:
    Jul 6, 2004
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    can confirm on FreeBSD 5.1-RELEASE.

    On 5.4-RELEASE (FreeBSD), the issue is solved!
     
  4. Alain Leonard

    Alain Leonard Member

    Joined:
    Nov 30, 2004
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I'm confirm this security problerm on :

    cPanel 10.8.1-R4
    FC 2
     
  5. Myacen

    Myacen Well-Known Member

    Joined:
    Apr 6, 2002
    Messages:
    222
    Likes Received:
    0
    Trophy Points:
    16
    What happens when two accounts have the same password?
     
  6. HH-Steven

    HH-Steven Well-Known Member

    Joined:
    Aug 29, 2004
    Messages:
    284
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I can confirm this aswell :

    WHM 10.8.0 cPanel 10.8.1-R4
    CentOS 3.5 i686 - WHM X v3.1.0

    Nothing, just keeps showing the pop up / login until a username is entered.
     
  7. binaer

    binaer Well-Known Member

    Joined:
    Jul 6, 2004
    Messages:
    60
    Likes Received:
    0
    Trophy Points:
    6
    is a Bug-Report already open? When no, who makes one?
     
  8. Logan

    Logan Active Member

    Joined:
    Jan 31, 2005
    Messages:
    26
    Likes Received:
    0
    Trophy Points:
    1
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
  10. Tapan

    Tapan Well-Known Member

    Joined:
    Dec 4, 2004
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Chandigarh
    Ya and bug is still here.
     
  11. Zaf

    Zaf Well-Known Member

    Joined:
    Aug 22, 2005
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    See the bug in newer release, while I dont see it in 'cPanel 10.6.0-R158'.
     
  12. Tapan

    Tapan Well-Known Member

    Joined:
    Dec 4, 2004
    Messages:
    109
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Chandigarh
    Hi,

    I don't think R good as it may have some more bugs but atleast S will have less bugs compraed to R. I will stick to S till this is added from R to S.

    Thanks.
     
  13. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    The latest RELEASE and STABLE versions are effectively equivalent, so that's currently moot.
     
  14. asterisk

    asterisk Well-Known Member

    Joined:
    Nov 11, 2005
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    WHM 10.8.0 cPanel 10.8.1-R30 is fine for those who are on the Release Tree. You might like to try upgrading to that.
     
  15. cPanelBilly

    cPanelBilly Guest

    This option has actually been available in cPanel for quite some time. It takes the domain that you are logging in with as the username, you cant just log into any domain witht eh password. You still must know the domainname.
    ie domain.com/cpanel has the password 'asdf1234'

    you cannot go to otherdomainonserver.com/cpanel and use that password as it will not be correct for otherdomainonserver.com

    Now if this is something a few of you are not comfertable with you are more than welcome to say this in the bug report and a tweak setting should be able to be added to turn this off, however it really isnt much of security issue.
     
  16. geeky_devil

    geeky_devil Registered

    Joined:
    Nov 21, 2005
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    i m having a BIGger problem

    i bought the domain from a reseller, he said that the server is in FLORIDA, running Apache, Linux

    but dudes

    the cPanel is not accepting my pwd.

    the man flew to another country, now i dont know WHO to ask, please assist me at geeky_devil@hotmail.com
     
  17. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Your post appears to have nothing to do with this thread. Regardless, if you're having problems accessing an end-user cPanel account you will have to speak with your web hosting provider.
     
Loading...

Share This Page