Problem security access account email from webmail

[eile87]

Hi all,

i ask some help about a security problem. I have some servers with cpanel / WHM installed on them, i use as webmail classical client as Horde, Roundcube and Squirrelmail, i'm seeing that if i login into cpanel user account i can enter normally in every email account through webmail without form login or other problem..so can be put some security protection to avoid that user account logged into cpanel can enter in each account email directly?

I haven't found documentation about it.

Thank you for the help.
Regards

 

[cPanelMichael]

Hello,

This is by design. You can review a full response about the decision behind this behavior under the "Comments" section at:

Remove 'Access Webmail' from Email Accounts

Keep in mind the cPanel user is not actually authenticating with the individual email account password. Instead, a temporary session is created for the transfer between cPanel and Webmail. If you attempt to log into Webmail directly (as an email account user) with the cPanel user's password, or you attempt to do the same thing over IMAP, it will still fail.

Thank you.

 

[eile87]

Hi Michael,

Thank you for your reply, however there's a configuration or a workaround to not permitt user that login into cpanel to enter directcly in each account email for his domain? In this way a user can potentially login in every account email and controll them.

Thank you.
Best regards.

 

[cPanelMichael]

Thank you for your reply, however there's a configuration or a workaround to not permitt user that login into cpanel to enter directcly in each account email for his domain? In this way a user can potentially login in every account email and controll them.

There's no feature to disable this functionality. You can find the reason why is by-design under the "Top Comment" on the feature request referenced in my previous response.

Let us know if you have any additional questions.

Thanks!