The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

User has access to ALL accounts of server

Discussion in 'General Discussion' started by ruber, Feb 26, 2008.

  1. ruber

    ruber Member

    Joined:
    Jun 5, 2007
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1
    An user of my server, when it access cPanel, opens the "root" cPanel, with all features and the list to choose any account of the server. I had tested other accounts, but happens only with this customer. What can I do to solve this? It's a critical security hole on my cPanel, I changed the customer's password to avoid the access until I can fix this...
     
  2. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    16
    Do they have UID 0? Is there password the same as your root pass?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Sounds like you made the account a master reseller.
     
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    If you changed the password and that disabled the behavior, then it sounds like his password was the same as the root password. If that is the case, then the following tweak setting is what is causing this:


    Disable login with root or reseller password into the users' cPanel interface. Also disable switch account dropdown in themes with switch account feature.


    Otherwise it may be as Infopro stated.
     
  5. ruber

    ruber Member

    Joined:
    Jun 5, 2007
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    1

    No, no...

    I changed the password until this is solved, and the customer is not accessing his account until I change the password back and tell him. The accounts still appears, even with other password. I changed the password of another account to the same of that, and cPanel works fine, accessing only its account, not any other.

    The problem occours only in ONE account, even changing password, recreating the account... How I can see this "Master Reseller" option? This account isn't a reseller.
     
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    What is the UID of this user?
     
Loading...

Share This Page