Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

User has access to ALL accounts of server

Discussion in 'General Discussion' started by ruber, Feb 26, 2008.

  1. ruber

    ruber Member

    Joined:
    Jun 5, 2007
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    151
    An user of my server, when it access cPanel, opens the "root" cPanel, with all features and the list to choose any account of the server. I had tested other accounts, but happens only with this customer. What can I do to solve this? It's a critical security hole on my cPanel, I changed the customer's password to avoid the access until I can fix this...
     
    #1 ruber, Feb 26, 2008
  2. BianchiDude

    BianchiDude Well-Known Member
    PartnerNOC

    Joined:
    Jul 2, 2005
    Messages:
    619
    Likes Received:
    0
    Trophy Points:
    166
    Do they have UID 0? Is there password the same as your root pass?
     
    #2 BianchiDude, Feb 26, 2008
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Sounds like you made the account a master reseller.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 Infopro, Feb 26, 2008
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,563
    Likes Received:
    42
    Trophy Points:
    308
    cPanel Access Level:
    Root Administrator
    If you changed the password and that disabled the behavior, then it sounds like his password was the same as the root password. If that is the case, then the following tweak setting is what is causing this:


    Disable login with root or reseller password into the users' cPanel interface. Also disable switch account dropdown in themes with switch account feature.


    Otherwise it may be as Infopro stated.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelKenneth, Feb 27, 2008
  5. ruber

    ruber Member

    Joined:
    Jun 5, 2007
    Messages:
    22
    Likes Received:
    0
    Trophy Points:
    151

    No, no...

    I changed the password until this is solved, and the customer is not accessing his account until I change the password back and tell him. The accounts still appears, even with other password. I changed the password of another account to the same of that, and cPanel works fine, accessing only its account, not any other.

    The problem occours only in ONE account, even changing password, recreating the account... How I can see this "Master Reseller" option? This account isn't a reseller.
     
    #5 ruber, Feb 28, 2008
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,563
    Likes Received:
    42
    Trophy Points:
    308
    cPanel Access Level:
    Root Administrator
    What is the UID of this user?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 cPanelKenneth, Feb 29, 2008
(You must log in or sign up to post here.)
Loading...
Similar Threads - User access accounts
  1. Rick Davis

    Disable access to all users email accounts?

    Rick Davis, Jun 28, 2018, in forum: Security
    Replies:
    3
    Views:
    124
    cPanelLauren
    Jun 29, 2018
  2. Sujoy Dhar

    Bulk Overwrite .htaccess file in all user accounts?

    Sujoy Dhar, Mar 31, 2018, in forum: General Discussion
    Replies:
    6
    Views:
    212
    cPanelMichael
    Apr 5, 2018
  3. Tassilo

    Unable to access user's web dir

    Tassilo, Aug 11, 2018 at 6:40 AM, in forum: General Discussion
    Replies:
    1
    Views:
    36
    cPanelLauren
    Aug 13, 2018 at 2:00 PM
  4. elyday

    Disable user access_log

    elyday, May 25, 2018, in forum: EasyApache
    Replies:
    1
    Views:
    86
    cPanelLauren
    May 29, 2018
  5. ADGau

    Create additional users with restricted access permissions?

    ADGau, Apr 25, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    146
    cPanelLauren
    Apr 26, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice