password protect security problem

Discussion in 'Security' started by Snowman30, Jul 17, 2007.

  1. Snowman30

    I have just been notified by a client that the .htaccess password protect function is playing up on accounts on one of our servers.

    Let's say you password protect the folder /public_html/admin

    and you set a user as "admin" with a pass of, say, "foobar".

    Well, we have found that foo, foob, fooba and foobars all let the user log in.

    This is very wrong. Anyone have any ideas as to what's going on?

    We are using the latest cPanel 11 R release.
     
  2. Gausar

    Cannot reproduce your problem

    I tested on a couple of my servers and could not reproduce this issue.
    You sure it is not something else?
     
  3. Snowman30

    Well, I don't know what else it could be; it's just an htaccess password-protected directory.
     
  4. nyjimbo

    Which version of Apache are you running?
     
  5. Snowman30

    Still running 1.3.

    I can't recreate the error other than on this one server, which has me completely stumped.
     
  6. Frimon86

    This could be a setting inside of your server WHM config, I think. Have you tried checking your server WHM?!?
     
  7. nyjimbo

    If you can get one of the offending .htaccess files and upload it here (don't change anything except stuff that might expose your server) that would help.

    It's possible one or more lines are messed up, especially the "require" statement. It's a long shot, but that would explain the error you are seeing.
     
  8. onaweb

    Hello,
    I am experiencing the same issue. I have a password of user2007 and you can enter user200, user2008, user2009, user20 - they all let you log in.

    Did anyone find a solution to this issue?

    Thanks,
    Andy
     