Error when Reseller changes Current User in cPanel Account

[Rogerio]

Hello,

I am having a problem with multiple cPanel servers. Not always, when a reseller with full privileges attempts to change the cPanel account (using the pull-down menu), an error appears that needs to re-login.

Reseller has full permissions (root access). Not related to IP change (I have fixed IP). Not related to web browser (cleaned cookies, closed/reopened browser, and so). I have some pop-up blockers and Kaspersky web-monitoring activated, but I don't think this is related.

- reseller with Root Access (Everything -> All features)
- reseller logs in
- change account in General Information -> Current User
- URL that runs: https://server:2083/cpsess6431811780/xfercpanel/client-name
- redirect to: https://server:2083/cpsess428804518.../index.html?login=1&post_login=95278479209544 -> error appears

More info: the problem is fixed opening ANOTHER user... let me try to explain: I try to open foo.com.br->ERROR, relogin-> try bar.com.br->ERROR, relogin -> try blabla.com->WORKS, try foo/bar/blabla again->WORKS.

Any ideias? Image attached.

 

[cPanelLauren]

Hi @Rogerio

I'm attempting to replicate this but I'm losing you at

- change account in General Information -> Current User

This isn't an option present in cPanel or WHM, do you mean the side bar where it notes current user as described here:

If that's the case when the reseller switches to an account that it does not own from there it won't be able to switch again though I am unable to replicate the error you're receiving.

 

[Rogerio]

Hello @cPanelLauren,

yes, you're right, that's the place, but in the image you've posted, the "current user" is not a reseller with full privileges, that can see all accounts. I've created an user like "myname" and just give it root privileges in WHM->Reseller Center. Then, I log into the account and change to another account in the drop-down menu.

The problem is that is not happening always. But is happening in several servers, all with version 76. Never happened in version <76. I'm trying to figure out when occurs.

I "guess" that is something related to connection speed. When my connection is fast or when something loads faster than other thing, the problem occurs or not... I'm still trying to reproduce... Sorry for the confusion (my limited english can be a problem to explain precisely).

Rogerio

 

[cPanelLauren]

Hi @Rogerio

I "guess" that is something related to connection speed. When my connection is fast or when something loads faster than other thing, the problem occurs or not... I'm still trying to reproduce... Sorry for the confusion (my limited english can be a problem to explain precisely).

No worries, I understand what the issue is. I do think there is an issue when attempting to switch to account's the reseller doesn't own, from that point you'll be stuck. As far as the error you're receiving though, I'm unsure. Can you check WHM>>Server Configuration>>Tweak Settings and tell me what is set for:

Cookie IP validation
Validate the IP addresses used in all cookie-based logins. This will limit the ability of attackers who capture cPanel session cookies to use them in an exploit of the cPanel or WebHost Manager interfaces. For this setting to have maximum effectiveness, proxydomains should also be disabled. Strict validation requires the current IP address and the cookie IP address to exactly match. Loose validation only requires they are in the same /24.

It also possible there could be a network related issue but that wouldn't be something we'd be able to troubleshoot.

 

[Rogerio]

Hello @cPanelLauren,

I have 3 resellers in this machine, like "one" (myself, with Root Privileges that can see all accounts), "two" and "three" (normal resellers/permissions). I ("one" user) can see all domains, and access all.

"Cookie IP validation" is set "disabled" because I have problems to access in 3G/4G connections that change IPs constantly, when I need to access WHM using a cellphone.

My main internet connection is very stable and has fixed IP.

Today I didn't have problems. I'm still trying to reproduce the problem. I'll keep you informed.

Rogerio

 

[cPanelLauren]

Hi @Rogerio

I also have a reseller situation set up similar to what you've got, the only block I face is when I go to one of the accounts my reseller doesn't own (even though it has root privileges). I haven't been able to reproduce the error yet though. Steps to replicate would be extremely helpful!

 

[Rogerio]

Hello @cPanelLauren,

in last 2 days I didn't have the problem. I'll monitor and post here when I have any clue how to reproduce.

I never had problems to access accounts that I don't own directly when the reseller has root privileges... BTW, I use this a lot, for years...

Rogerio

 

[Rogerio]

Hello @cPanelLauren

I did a video, can I send to you in DM?

Rogerio

 

[cPanelLauren]

@Rogerio

Can you please open a ticket using the link in my signature? I will share with the analyst the link to the video as well. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

[Rogerio]

Hello @cPanelLauren,

I'll test one more thing before open the ticket. I'm using Kaspersky Chrome plugin, and I think that can be the reason. Today I had the same problem in another server, that I never had problems before. So I did a test using MS Edge, and had no problem. So, I've removed the plugin and will test. If happens again, I'll open the ticket. Hold on some more days.

The problem is not related to connection speed. I tested today in that server, limiting my local bandwidth, and persisted.

Rogerio

 

[cPanelLauren]

Hi @Rogerio


Please do let us know if disabling that plugin helps. It'd definitely be useful to have that information for anyone else potentially using this.

 

[Rogerio]

Hello @cPanelLauren.

Bad news, happened again, without the Kaspersky plugin...

Now I'm trying to check another thing... I didn't have problems in last days, but today I had, accessing a very old account, created in a old cPanel version (>5 years). Last time I had problem with another very old account (>7 years). I'll try to check if this is related to account age.

When I have problems using the reseller account, I need to access from WHM->List accounts and click on cPanel icon.

 

[cPanelLauren]

Hi @Rogerio


That's a good point. You might also match the userdata for the problematic account with the same from one you don't have issues with.

In both /var/cpanel/users/ and /var/cpanel/userdata

 

[Rogerio]

Hello @cPanelLauren

The problem happened again, and I think it's confirmed: if I access a very old account first, the problem happens. If I access a more recent account, no problem occurs. But if I access a recent account first and then change to the old one, works too. All using that reseller account with full access.

I'll try to compare both folders you specified.