User has access to ALL accounts of server

R

ruber

Member
Jun 5, 2007
22
0
151
An user of my server, when it access cPanel, opens the "root" cPanel, with all features and the list to choose any account of the server. I had tested other accounts, but happens only with this customer. What can I do to solve this? It's a critical security hole on my cPanel, I changed the customer's password to avoid the access until I can fix this...
 
cPanelKenneth

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
80
458
cPanel Access Level
Root Administrator
ruber said:
An user of my server, when it access cPanel, opens the "root" cPanel, with all features and the list to choose any account of the server. I had tested other accounts, but happens only with this customer. What can I do to solve this? It's a critical security hole on my cPanel, I changed the customer's password to avoid the access until I can fix this...
Click to expand...
If you changed the password and that disabled the behavior, then it sounds like his password was the same as the root password. If that is the case, then the following tweak setting is what is causing this:


Disable login with root or reseller password into the users' cPanel interface. Also disable switch account dropdown in themes with switch account feature.


Otherwise it may be as Infopro stated.
 
R

ruber

Member
Jun 5, 2007
22
0
151
cpanelkenneth said:
If you changed the password and that disabled the behavior, then it sounds like his password was the same as the root password. If that is the case, then the following tweak setting is what is causing this:


Disable login with root or reseller password into the users' cPanel interface. Also disable switch account dropdown in themes with switch account feature.


Otherwise it may be as Infopro stated.
Click to expand...

No, no...

I changed the password until this is solved, and the customer is not accessing his account until I change the password back and tell him. The accounts still appears, even with other password. I changed the password of another account to the same of that, and cPanel works fine, accessing only its account, not any other.

The problem occours only in ONE account, even changing password, recreating the account... How I can see this "Master Reseller" option? This account isn't a reseller.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
Sujoy Dhar (XID kukdhu) The domain “domain.com” already exists in the userdata. Account Administration 1
W Transferring an account that has parts of it's username already existing Account Administration 10
O user has reached 80% of their bandwidth limit. Account Administration 1
B Any way to create another user who has access to an existing user's CPanel? Account Administration 8
R user name exists? but account has been deleted in cpanel Account Administration 0
Similar threads
(XID kukdhu) The domain “domain.com” already exists in the userdata.
Transferring an account that has parts of it's username already existing
user has reached 80% of their bandwidth limit.
Any way to create another user who has access to an existing user's CPanel?
user name exists? but account has been deleted in cpanel
Top Bottom