
Security Risk

Discussion in 'General Discussion' started by drtduarte, Apr 11, 2008.

  1. drtduarte

    drtduarte Registered

    Mar 6, 2007
    Dear Users,

    Yesterday I found a problem in cPanel that I think could be a potential security risk.

    If you access one of a customer's accounts as a reseller and you select a file with 755 permissions that has the variable $password in it, the file will catch your reseller password and your customer could see it in the future; the script using that variable will also stop working.

    If you access the account as the user, the file will catch the password and will stop working too, but there will be no security risk, as there is no problem if the user finds his own password :).

    Waiting for your reply.
  2. cPanelNick

    cPanelNick Administrator Staff Member

    Mar 9, 2015
    cPanel Access Level:
    DataCenter Provider
    This is currently being investigated.
  3. BenThomas

    BenThomas Well-Known Member

    Feb 12, 2004
    Houston, Texas USA
    cPanel Access Level:
    Root Administrator
    I believe this issue was fixed in recent builds, but the reported issue was not in the same context. We have disabled the automatic variable interpolation that was occurring in the editors in the File Manager and subsequently resolved this issue. I am currently unable to reproduce the reported issue with a recent build (11.18.3-STABLE).

    Overall, the scenario outlined in your initial post is very unlikely but possible. A reseller shouldn't be using their auth transfer to interact with the File Manager and edit a customer's files.

    As usual, any such report of an abhorrent behavior should include the cPanel build version. That information is key to investigating these types of issues.
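The thread describes an editor that interpolated `$variable` tokens in a customer's file with values from the logged-in session, so a reseller's password landed in the saved file and broke the script. The following is an added illustration of that failure mode and its fix; it is not cPanel's code, and the session field names, the sample PHP file and the password value are constructed for the example.

```python
import re

# Constructed session context: what the editor knew about the logged-in
# reseller at save time (hypothetical field names, not cPanel's).
SESSION = {"user": "reseller1", "password": "S3cretResellerPw!"}

# Constructed customer file: source that legitimately contains the literal
# token "$password" (the case reported in the thread).
CUSTOMER_FILE = "<?php\n$password = 'db-pass';\n$dsn = 'mysql:host=localhost';\n"

TOKEN = re.compile(r"\$(\w+)")


def save_with_interpolation(content: str, session: dict) -> str:
    """Vulnerable save path (reconstruction of the behaviour described in
    the thread): each $name token in the buffer is replaced with the
    matching session variable before the file is written. Tokens with no
    matching session key are left untouched."""
    return TOKEN.sub(lambda m: session.get(m.group(1), m.group(0)), content)


def save_verbatim(content: str, session: dict) -> str:
    """Hardened save path: the editor treats the buffer as opaque text and
    never consults session state when writing a customer's file."""
    return content


def leaked_session_keys(saved: str, session: dict) -> list:
    """Defensive check: which session values appear verbatim in the written
    file. A non-empty result means a secret crossed from the operator's
    session into customer-readable content."""
    return [k for k, v in session.items() if v and v in saved]


if __name__ == "__main__":
    bad = save_with_interpolation(CUSTOMER_FILE, SESSION)
    good = save_verbatim(CUSTOMER_FILE, SESSION)
    print("interpolating editor wrote:\n" + bad)
    print("leaked keys:", leaked_session_keys(bad, SESSION))
    print("verbatim editor leaked keys:", leaked_session_keys(good, SESSION))
```

Running the vulnerable path shows both symptoms from the first post at once: the saved line becomes `S3cretResellerPw! = 'db-pass';`, which is no longer valid PHP (the script "stops working"), and the reseller password is now sitting in a file the customer can read. The verbatim path leaves the file byte-for-byte intact, which is the only correct behaviour for a file editor.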
