Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password Change sent in Plain Text ?

Discussion in 'Security' started by egsi, Nov 3, 2010.

  1. egsi

    egsi Member

    Aug 12, 2009
    Likes Received:
    Trophy Points:
    I just did a password change of a cpanel account (via cPanel) and noticed the following in the daily logwatch email.

    The actual new password was where I've replaced the text with 'mynewpassword'.

    Should this be happening? This password is esentially now in my logs in plaintext !?

    --------------------- Connections (secure-log) Begin ------------------------ 
    **Unmatched Entries**
    Cp-Wrap[14603]: Pushing "511 CHECKDOMAINIPFORSSL " to '/usr/local/cpanel/bin/ssladmin' for UID: 511 
    Cp-Wrap[24439]: Pushing "511 LISTDBSWITHSPACE " to '/usr/local/cpanel/bin/mysqladmin' for UID: 511 
    Cp-Wrap[24555]: Pushing "511 REFRESH 0 0 " to '/usr/local/cpanel/bin/ftpadmin' for UID: 511 
    Cp-Wrap[24560]: Pushing "511 UPDATEPRIVS " to '/usr/local/cpanel/bin/mysqladmin' for UID: 511 
    Cp-Wrap[24564]: Pushing "511 CHANGEPASSWD [B]mynewpassword[/B]" to '/usr/local/cpanel/bin/securityadmin' for UID: 511 
    Cp-Wrap[24578]: Pushing "511 LISTSTORE 0 0 " to '/usr/local/cpanel/bin/ftpadmin' for UID: 511 
    11326 Ignored Lines
    ---------------------- Connections (secure-log) End ------------------------- 

Share This Page