JRuthe

Registered
Jul 11, 2006
4
0
151
Hello,

I've had two people who, today, tried to login into cPanel, but upon logging in they discovered they were logged in as a completely different user. They had access to their databases, files, everything.

My main concern is how can I fix this from happening? I am willing to provide more information, I just feel that this is a pretty serious flaw.

cPanel is currently using the session authentication method.

Thanks for your time,
Jordan
 
Last edited:

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
79
458
cPanel Access Level
Root Administrator
Place a check in the checkbox for this Tweak Setting:

Disable login with root or reseller password into the users' cPanel interface. Also disable switch account dropdown in themes with switch account feature.



After saving, that behavior should go away.