User 1 can log in with User 2 PW?

M

mealto

Well-Known Member
Oct 20, 2006
175
0
166
Just noticed that when we accessed domain.com/cpanel and mistakenly entered ID + PW from domain2.com, we were able to log in. The URL indicates that we are on domain.com:2083/frontend/x/sql/index.html but the database we are looking at is from domain2.com. When clicking on phpmyadmin on this page, we are taken to the database on domain2.com. Yikes! Both of these domains run on the same VPS. Is this normal?
 
H

HelloAdam

Well-Known Member
Nov 6, 2005
145
0
166
Hey,

Yes it is! You can go to any domain and type /cpanel and login with any username and password of any account on that server. However the account informtaion you put will be same on what ever domain you are using. So you will also see domain2 users information visting domain1 and domain500 website...

From,
Adam
 
J

jayh38

Well-Known Member
Mar 3, 2006
1,212
0
166
If this bothers you, you can edit tweak settings and check the box:

When visiting /cpanel or /whm or /webmail with ssl redirect to the servers hostname.


This will require knowing the user name and pass unlike the original method
of automatically assuming the user name by visting the domain.

So, anyone visting any /cpanel url will be thrown to the host url without
being associated with a domain.
 
M

mealto

Well-Known Member
Oct 20, 2006
175
0
166
jayh38 said:
If this bothers you, you can edit tweak settings and check the box:

When visiting /cpanel or /whm or /webmail with ssl redirect to the servers hostname.
Click to expand...
Would this add (even if it's slight) some security to the setup?

In fact, Cpanel default with the first 8 characters of the domain as the user ID. It would make sense to change this to add another layer of security then?
 
J

jayh38

Well-Known Member
Mar 3, 2006
1,212
0
166
Yes, that would add a lot more security as anyone wishing to login would not get the assumed user name by vising the domain of the account. Instead they have to know what the account name is and the password.

I try to encourage users to create names other than the easily guessed names cPanel creates based off the domain name.
 
M

mealto

Well-Known Member
Oct 20, 2006
175
0
166
Thanks Jay. I was thinking the same thing a few weeks back. Now I know and they have been changed. Thanks!
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
BrianLayman xfercpanel not working and reports "You must specify a username to log in." Account Administration 5
PCZero Add user and enable SSH2 - can't log in Account Administration 2
T Cpanel full backup via ssh, but logged as cpanel user Account Administration 1
M cPanel User Login Logging? Account Administration 6
Anupam SG cPanel User logging in as Root Account Administration 2
Similar threads
xfercpanel not working and reports "You must specify a username to log in."
Add user and enable SSH2 - can't log in
Cpanel full backup via ssh, but logged as cpanel user
cPanel User Login Logging?
cPanel User logging in as Root
Top Bottom