Major security problem with WHM Pro feature

Discussion in 'Security' started by electric, May 3, 2005.

  1. electric

    electric Well-Known Member

    There is a major problem with security on the WHM Pro version.

    1) Log in using any WHM un/pw that does NOT have root:

    2) Scroll to bottom of links on left side and click the "Configure Statistics Software" link. Enable it.

    3) Click the "User Permissions" button.

    4) You will see a listing of ALL ACCOUNT USERNAMES for the entire server. :eek: This is bad. It should only list accounts for the reseller account you are logged in for.

    Allowing any reseller to see every username for the entire server is not good.

    Can this be fixed immediately?


    (WHM 10.0.0 cPanel 10.0.0-R146)
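
The report above describes an account listing that is not scoped to the logged-in reseller. The following is an added example, not part of the original thread and not cPanel's code: it contrasts an unscoped listing with an owner-scoped one and adds a regression check for leaked usernames. The account names, the `user: owner` text format and all function names are assumptions made for illustration.

```python
# Constructed ownership map: account username -> owning reseller.
# The names and the "user: owner" format are assumptions for this example.
SAMPLE_OWNERS = """\
# constructed sample data
alice: reseller1
bob: reseller1
carol: reseller2
dave: root
reseller1: root
reseller2: root
"""

def parse_owners(text):
    """Parse 'user: owner' lines; skip blanks, comments and malformed lines."""
    owners = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, owner = (part.strip() for part in line.split(":", 1))
        if user and owner:
            owners[user] = owner
    return owners

def list_accounts_unscoped(owners, caller):
    """Behaviour reported in the thread: every username, whoever asks."""
    return sorted(owners)

def list_accounts_scoped(owners, caller, is_root=False):
    """Only accounts the caller owns; only root sees the whole server."""
    if is_root:
        return sorted(owners)
    return sorted(u for u, o in owners.items() if o == caller)

def leaked_accounts(owners, caller, displayed):
    """Regression check for a non-root caller: usernames displayed to them
    that they do not own. Unknown usernames count as leaks (fail closed);
    the caller's own username is not treated as a leak."""
    return sorted(u for u in displayed
                  if u != caller and owners.get(u) != caller)
```

Running `leaked_accounts` against the output of each reseller-facing page after an update gives a quick check that the fix actually took effect.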
     
  2. chirpy

    chirpy Well-Known Member

    First things first, upgrade to the latest version in your tree (RELEASE) then check it again. If it's still not fixed, then log it in bugzilla.
     
  3. BenThomas

    BenThomas Well-Known Member

    Fixed. Just update the StatSelect addon module. It will occur automatically once upcp runs.
     
  4. easyhoster1

    easyhoster1 Well-Known Member

    Or run the following to fix now.

    /usr/local/cpanel/whostmgr/bin/whostmgr2 --updateaddons
     
  5. electric

    electric Well-Known Member

    Thanks! Strange thing is that the StatSelect addon module is not currently selected... is this normal?

    The only addon that is selected for my server is the "pro" addon.
     
  6. LP-Trel

    LP-Trel Well-Known Member

    It seems to be in both.

    Add the error in packaging (StatSelect in basic Pro) to bugzilla.
     
  7. mr.wonderful

    mr.wonderful BANNED

    I have to roll my eyes when I noticed that you reached MODERATOR status around here IE :rolleyes:

    You're such a big shot around here now. MODERATOR, WOW! Something you were obviously striving to be, the big moderator around here. Who knows why! For some reason you thought you were so important or something, anyway Congrats! You finally reached your goal.

    If I had a tin star, I'd give it to you, so you could pin it to your chest! You're da shit!, not! :rolleyes:

    ...and please don't suspend my account for saying so. I'm sure you'd like to!

    And one more thing, How's webumake selling? It sounds like a dying product. Has anyone even bought a copy? I think this is what you're promoting in your signature including all your wonderful services. It's a treat!
     
    #7 mr.wonderful, May 4, 2005
    Last edited: May 4, 2005
  8. gorilla

    gorilla Well-Known Member

    Chirpy's services are spot on and he's always been a helpful influence in this forum, unlike others! ;)
     
  9. casey

    casey Well-Known Member

    What is your problem? You're right, I don't think Chirpy should ban you, but I think someone else should. You're pathetic.
     
  10. chirpy

    chirpy Well-Known Member

    Too late, he's toast.
     
  11. Darren

    Darren Well-Known Member
    Staff Member

    Someone beat me to it, it appears.
    The attitudes of those who post such messages are beyond me;
    I can only guess that it is some form of abuse/abuser syndrome
    from childhood. Regardless of the reason, however, people who
    act that way will quickly find they are not welcome and will receive
    no support in this forum should I see it. There are an unfortunate
    plethora of forums/bbs on the 'net for folks to rant and rave and
    talk trash.. whatever. This is not one of them.
    If you are having a bad day, please do not act in a disrespectful manner
    towards another (mod or not), but rather go soak in the tub, do some
    tai chi, play solitaire on the easy level; whatever blows your skirt up..
    Just please keep it off this forum. :eek:
     
  12. electric

    electric Well-Known Member

    Thanks Chirpy.

    cPanel has now been upgraded to the latest release version, and this bug is still occurring. I'll go ahead and submit a new bugzilla ticket.

    Cheers!
     
  13. BenThomas

    BenThomas Well-Known Member

    I see potential for this remaining an issue for some of our customers. The case is that Stats Select was at one time bundled with Pro. So if you had Pro installed, and never installed the now separate Stats Select addon, then you could potentially have the older version of Stats Select lingering around. If you use Stats Select, then make sure that it is installed in the "Addon Modules" section of the WHM. If it is installed and you're still having the issue, then uninstall and reinstall it just for kicks. Let me know if that doesn't solve the issue.

    Thanks
     
  14. gorilla

    gorilla Well-Known Member

    uninstall and reinstall does the trick ;)
     