password protect security problem

S

Snowman30

Well-Known Member
PartnerNOC
Apr 7, 2002
679
0
316
cPanel Access Level
DataCenter Provider
I have just been notified by a client that the .htaccess password protect function is playing up on accounts on one of our servers

lets say you password protect the folder /public_html/admin

and you set a user as "admin" with a pass of say "foobar"

well we have found that foo, foob, fooba and foobars all let the user login

this is very wrong anyone have any ideas as to whats going on?

we are using the latest CPanel 11 R release
 
G

Gausar

Registered
Oct 17, 2006
3
0
151
Cannot reproduce your problem

I tested on couple of my server and could not reproduce this issue.
You sure it is not something else.
 
nyjimbo

nyjimbo

Well-Known Member
Jan 25, 2003
1,135
1
168
New York
Snowman30 said:
I have just been notified by a client that the .htaccess password protect function is playing up on accounts on one of our servers

lets say you password protect the folder /public_html/admin

and you set a user as "admin" with a pass of say "foobar"

well we have found that foo, foob, fooba and foobars all let the user login

this is very wrong anyone have any ideas as to whats going on?

we are using the latest CPanel 11 R release
Click to expand...


Which version of Apache are you running ?
 
F

Frimon86

BANNED
Jun 4, 2007
31
0
156
This could be a setting inside of your server whm config I think. Have you tried checking your server whm?!?
 
nyjimbo

nyjimbo

Well-Known Member
Jan 25, 2003
1,135
1
168
New York
Snowman30 said:
still running 1.3

I cant recreate the error other than on this one server which has me completely stumped
Click to expand...
If you can get one of the offending .htaccess files and upload it here (don't change anything except stuff that might expose your server) that would help.

Its possible one or more lines is messed up, especially the "require" statement. Its a long shot, but that would explain the error you are seeing.
 
O

onaweb

Well-Known Member
Jan 1, 2004
76
0
156
Hello,
I am experiencing the same issue. I have a password of user2007 and you can enter user200, user2008, user2009, user20 - they all let you log in.

Did anyone find a solution to this issue?

Thanks,
Andy
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M In Progress CPANEL-40585 - Force HTTPS on password-protected directory Security 6
O Allowing password protected access to public_ftp directory Security 4
K How to Password Protect multiple WP-Admin folders Security 1
D Removing Password Directory Protection via CPanel Security Tools ? Security 1
P Password Protected Dirs - Security Issue Security 1
Similar threads
In Progress CPANEL-40585 - Force HTTPS on password-protected directory
Allowing password protected access to public_ftp directory
How to Password Protect multiple WP-Admin folders
Removing Password Directory Protection via CPanel Security Tools ?
Password Protected Dirs - Security Issue
Top Bottom