Security Breach between accounts

Discussion in 'Security' started by vrinteractive, Feb 21, 2005.

  1. vrinteractive

    So I have tested this with a couple of domains on different platforms.

    I have two domains
    www.mydomain.com : user mydomain
    www.yourdomain.com : user yourdomain

    http://mydomain.com:2082/frontend/x/indexmanager/index.html?dir=/home/mydomain/public_html/
    Use mydomain to log in.

    Then go to

    http://yourdomain.com:2082/frontend/x/indexmanager/index.html?dir=/home/yourdomain/public_html/
    You can go in and edit this without having to re-authenticate.
    This seems like a SIGNIFICANT security hole.

    Please advise.
     
  2. jester.ro

    Doesn't work on 3 servers that I tested on.
     
  3. vrinteractive

    I'm running on:
    WHM 10.0.0 cPanel 10.0.0-R85
    Fedora i686 - WHM X v3.1.0
     
  4. chirpy

    If you can recreate the issue, then you should inform security@cpanel.net immediately.

    Edit: Your user account password isn't the same as your root or reseller password, is it?
     
  5. ntwaddel

    It does not work on my server either.
     
  6. vrinteractive

    I believe it was that sessions were not disconnecting after logout. My apologies.
     