Logging into any reseller account using root's password

[Rafcio]

Hello,

today I have noticed that I am able to login into any reseller (WHM) account using root's password.
I don't know if it's a bug or a feature

 

[Infopro]

WebHost Manager »Server Configuration »Tweak Settings, System tab:

Accounts that can access a cPanel user account:
This setting specifies who can access a user’s cPanel account. Account-Owner refers to the particular reseller that owns the user account. Note: Disabling root access here will also disable root’s access to the Branding Editor in WHM.

 

[Rafcio]

So it's ok that I can go into WHM login page and type login: resellername password: rootpassword and log in?

 

[Infopro]

My apologies I misread your post. With root password you can login to any account.

 

[Rafcio]

No problemo, thank you for quick reply. I thought that it might be a bug causing potential security risk but with strong root password it should not be a problem. Anyway, is there any way to disable this feature?

 

[Infopro]

Adding Two Factor Authentication can add another layer of security to your system and accounts.