Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

password protect security problem

Discussion in 'Security' started by Snowman30, Jul 17, 2007.

  1. Snowman30

    Snowman30 Well-Known Member
    PartnerNOC

    Joined:
    Apr 7, 2002
    Messages:
    679
    Likes Received:
    0
    Trophy Points:
    316
    cPanel Access Level:
    DataCenter Provider
    I have just been notified by a client that the .htaccess password protect function is playing up on accounts on one of our servers

    lets say you password protect the folder /public_html/admin

    and you set a user as "admin" with a pass of say "foobar"

    well we have found that foo, foob, fooba and foobars all let the user login

    this is very wrong anyone have any ideas as to whats going on?

    we are using the latest CPanel 11 R release
     
  2. Gausar

    Gausar Registered

    Joined:
    Oct 17, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    151
    Cannot reproduce your problem

    I tested on couple of my server and could not reproduce this issue.
    You sure it is not something else.
     
  3. Snowman30

    Snowman30 Well-Known Member
    PartnerNOC

    Joined:
    Apr 7, 2002
    Messages:
    679
    Likes Received:
    0
    Trophy Points:
    316
    cPanel Access Level:
    DataCenter Provider
    well i dont knwo what else it could be, its just a htaccess password protected directory
     
  4. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,129
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    New York


    Which version of Apache are you running ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Snowman30

    Snowman30 Well-Known Member
    PartnerNOC

    Joined:
    Apr 7, 2002
    Messages:
    679
    Likes Received:
    0
    Trophy Points:
    316
    cPanel Access Level:
    DataCenter Provider
    still running 1.3

    I cant recreate the error other than on this one server which has me completely stumped
     
  6. Frimon86

    Frimon86 BANNED

    Joined:
    Jun 4, 2007
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    156
    This could be a setting inside of your server whm config I think. Have you tried checking your server whm?!?
     
  7. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,129
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    New York
    If you can get one of the offending .htaccess files and upload it here (don't change anything except stuff that might expose your server) that would help.

    Its possible one or more lines is messed up, especially the "require" statement. Its a long shot, but that would explain the error you are seeing.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. onaweb

    onaweb Well-Known Member

    Joined:
    Jan 1, 2004
    Messages:
    76
    Likes Received:
    0
    Trophy Points:
    156
    Hello,
    I am experiencing the same issue. I have a password of user2007 and you can enter user200, user2008, user2009, user20 - they all let you log in.

    Did anyone find a solution to this issue?

    Thanks,
    Andy
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice