The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Password reset function of CPanel

Discussion in 'General Discussion' started by tonedog, Aug 19, 2008.

  1. tonedog

    tonedog Member

    Joined:
    Nov 11, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    I know that years ago this was an issue, but I cannot find irrefutable evidence that this is now safe to enable in "tweak settings"

    Is it OK to check the box for "Allow cPanel users to reset their password via email" ?

    Thanks
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,449
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Not really. Safe is a relative term in shared hosting though. Some things you just need to use even knowing you probably shouldn't be. I think this is one of them.

    My 2
     
  3. tonedog

    tonedog Member

    Joined:
    Nov 11, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    What makes you consider it unsafe?
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's unsafe in the sense that it allows an external request to reset a password. I'm not aware of any current vulnerabilities with the function, but the risks are always there. It's similar to allowing anonymous FTP to the server. It may be currently "safe" but if an exploit is found in the future it makes it ever more trivial to exploit.
     
Loading...

Share This Page