Security Advisor - Reserved, Invalid, and Misconfigured Usernames

Hello Everyone!

Upcoming builds of cPanel & WHM versions 70 and 72 will include an update to Security Advisor. As part of the update, a new assessor will scan the system for existing cPanel account usernames that do not conform to current validation requirements. If the assessor finds a username that does not conform to the validation requirements, you will see one of the messages below as part of the Security Advisor State Change notification, or when scanning your system manually using WHM >> Security Advisor:

The following document was created to explain what these validation requirements are, and to offer instructions on what to do if you encounter an invalid, reserved, or misconfigured username on your cPanel system:

Reserved, Invalid, and Misconfigured Usernames - cPanel Knowledge Base - cPanel Documentation

You can adjust notification settings for Security Advisor State Change and other alert types using WHM >> Contact Manager.

For anyone interested in the code utilized with the new assessor, feel free to review the change on the Security Advisor GitHub page:

Warn users about invalid, reserved, and misconfigured usernames. · CpanelInc/addon_securityadvisor@6fc3182

Let us know if you have any questions.

Thanks!

 

Hello @sparek-3,

Most notably, we expanded the list of reserved usernames as part of TSR-2017-0006. If a reserved username was created before it was added to the expanded list, it will still exist on the system. Additionally, the new assessor will help if the list of reserved usernames is expanded again in the future.

Thank you.

 

Hello @sparek-3,

There are no active cases to add additional usernames to the reserved list at this time. It's generally something that happens as part of a security audit, a newly discovered security issue, or to address an issue with a cPanel & WHM feature.

Thank you.