Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Password Change sent in Plain Text ?

Discussion in 'Security' started by egsi, Nov 3, 2010.

  1. egsi

    egsi Member

    Joined:
    Aug 12, 2009
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    51
    I just did a password change of a cpanel account (via cPanel) and noticed the following in the daily logwatch email.

    The actual new password was where I've replaced the text with 'mynewpassword'.

    Should this be happening? This password is esentially now in my logs in plaintext !?

    Code:
    --------------------- Connections (secure-log) Begin ------------------------ 
    
    
    **Unmatched Entries**
    Cp-Wrap[14603]: Pushing "511 CHECKDOMAINIPFORSSL myurl.com " to '/usr/local/cpanel/bin/ssladmin' for UID: 511 
    Cp-Wrap[24439]: Pushing "511 LISTDBSWITHSPACE " to '/usr/local/cpanel/bin/mysqladmin' for UID: 511 
    Cp-Wrap[24555]: Pushing "511 REFRESH 0 0 " to '/usr/local/cpanel/bin/ftpadmin' for UID: 511 
    Cp-Wrap[24560]: Pushing "511 UPDATEPRIVS " to '/usr/local/cpanel/bin/mysqladmin' for UID: 511 
    Cp-Wrap[24564]: Pushing "511 CHANGEPASSWD [B]mynewpassword[/B]" to '/usr/local/cpanel/bin/securityadmin' for UID: 511 
    Cp-Wrap[24578]: Pushing "511 LISTSTORE 0 0 " to '/usr/local/cpanel/bin/ftpadmin' for UID: 511 
    
    11326 Ignored Lines
    
    ---------------------- Connections (secure-log) End ------------------------- 
    
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice