cPanel Security Problem - Lets you in with blank username

Izzee

Well-Known Member
Feb 6, 2004
469
0
166
WHM 10.8.0 cPanel 10.8.0-E84
RedHat 9 i686 - WHM X v3.1.0

I can confirm this is infact the case.
domainname.tld:2082 - no user name required just password :rolleyes:

Has this always been like this?
Until TySoft's post I had never tried it?

Perhaps a bug report for this might be in order.

Just upgraded to latest edge and no change to report.
WHM 10.8.0 cPanel 10.8.1-E2
RedHat 9 i686 - WHM X v3.1.0
 
Last edited:

binaer

Well-Known Member
Jul 6, 2004
60
0
156
can confirm on FreeBSD 5.1-RELEASE.

On 5.4-RELEASE (FreeBSD), the issue is solved!
 

HH-Steven

Well-Known Member
Aug 29, 2004
282
0
166
cPanel Access Level
Root Administrator
I can confirm this aswell :

WHM 10.8.0 cPanel 10.8.1-R4
CentOS 3.5 i686 - WHM X v3.1.0

Myacen said:
What happens when two accounts have the same password?
Nothing, just keeps showing the pop up / login until a username is entered.
 

Zaf

Well-Known Member
Aug 22, 2005
117
0
166
See the bug in newer release, while I dont see it in 'cPanel 10.6.0-R158'.
 

asterisk

Well-Known Member
Nov 11, 2005
61
0
156
WHM 10.8.0 cPanel 10.8.1-R30 is fine for those who are on the Release Tree. You might like to try upgrading to that.
 
C

cPanelBilly

Guest
This option has actually been available in cPanel for quite some time. It takes the domain that you are logging in with as the username, you cant just log into any domain witht eh password. You still must know the domainname.
ie domain.com/cpanel has the password 'asdf1234'

you cannot go to otherdomainonserver.com/cpanel and use that password as it will not be correct for otherdomainonserver.com

Now if this is something a few of you are not comfertable with you are more than welcome to say this in the bug report and a tweak setting should be able to be added to turn this off, however it really isnt much of security issue.
 

geeky_devil

Registered
Nov 21, 2005
1
0
151
i m having a BIGger problem

i bought the domain from a reseller, he said that the server is in FLORIDA, running Apache, Linux

but dudes

the cPanel is not accepting my pwd.

the man flew to another country, now i dont know WHO to ask, please assist me at [email protected]
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,441
31
473
Go on, have a guess
geeky_devil said:
i bought the domain from a reseller, he said that the server is in FLORIDA, running Apache, Linux

but dudes

the cPanel is not accepting my pwd.

the man flew to another country, now i dont know WHO to ask, please assist me at [email protected]
Your post appears to have nothing to do with this thread. Regardless, if you're having problems accessing an end-user cPanel account you will have to speak with your web hosting provider.