Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Logging into any reseller account using root's password

Discussion in 'Security' started by Rafcio, Dec 8, 2017.

Tags:
  1. Rafcio

    Rafcio Registered

    Joined:
    Dec 8, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Poland
    cPanel Access Level:
    Root Administrator
    Hello,

    today I have noticed that I am able to login into any reseller (WHM) account using root's password.
    I don't know if it's a bug or a feature :)
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    WebHost Manager »Server Configuration »Tweak Settings, System tab:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Rafcio

    Rafcio Registered

    Joined:
    Dec 8, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Poland
    cPanel Access Level:
    Root Administrator
    So it's ok that I can go into WHM login page and type login: resellername password: rootpassword and log in?
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    My apologies I misread your post. With root password you can login to any account.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Rafcio

    Rafcio Registered

    Joined:
    Dec 8, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Poland
    cPanel Access Level:
    Root Administrator
    No problemo, thank you for quick reply. I thought that it might be a bug causing potential security risk but with strong root password it should not be a problem. Anyway, is there any way to disable this feature?
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Adding Two Factor Authentication can add another layer of security to your system and accounts.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice