The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problem security access account email from webmail

Discussion in 'General Discussion' started by eile87, Aug 4, 2016.

Tags:
  1. eile87

    eile87 Member

    Joined:
    Sep 12, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi all,

    i ask some help about a security problem. I have some servers with cpanel / WHM installed on them, i use as webmail classical client as Horde, Roundcube and Squirrelmail, i'm seeing that if i login into cpanel user account i can enter normally in every email account through webmail without form login or other problem..so can be put some security protection to avoid that user account logged into cpanel can enter in each account email directly?

    I haven't found documentation about it.

    Thank you for the help.
    Regards
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    This is by design. You can review a full response about the decision behind this behavior under the "Comments" section at:

    Remove 'Access Webmail' from Email Accounts

    Keep in mind the cPanel user is not actually authenticating with the individual email account password. Instead, a temporary session is created for the transfer between cPanel and Webmail. If you attempt to log into Webmail directly (as an email account user) with the cPanel user's password, or you attempt to do the same thing over IMAP, it will still fail.

    Thank you.
     
  3. eile87

    eile87 Member

    Joined:
    Sep 12, 2012
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Thank you for your reply, however there's a configuration or a workaround to not permitt user that login into cpanel to enter directcly in each account email for his domain? In this way a user can potentially login in every account email and controll them.

    Thank you.
    Best regards.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There's no feature to disable this functionality. You can find the reason why is by-design under the "Top Comment" on the feature request referenced in my previous response.

    Let us know if you have any additional questions.

    Thanks!
     
Loading...

Share This Page