User password the same as root issue

littlened · Dec 18, 2008

Hi all,

I have Cpanel installed on a VPS. Yesterday I created a new account which used the same password as the rooter user. When I then logged into the account, I had the drop down at the top of the homepage showing all accounts on the server.

I changed the password for the user, logged out and back in again, and everything was back to normal.

I thought this was strange and wondered if this might be a bug?

I should probably also notify my hosting company.

brianoz · Dec 18, 2008

Fairly sure that's a feature. Easy fix: don't have the passwords the same. :P

littlened · Dec 18, 2008

brianoz said:
Fairly sure that's a feature. Easy fix: don't have the passwords the same. :P

a feature, surely its a security risk?

brianoz · Dec 18, 2008

If you think about it, you'll realize it's not a security risk. Simply use a secure password for root and you're fine.

dansgalaxy · Dec 18, 2008

I see your thoughts of what if a user happens to use the same password as root
which is why root passwords should really be VERY long and VERY complex

like R545VD!sdcdm)(k??>

Voltar · Dec 18, 2008

This has been a feature of cPanel for awhile iirc, however you can disable it in WHM under Tweak Settings. I believe the setting is called "disable login to accounts using root/reseller password" or something like that.

Most of the time I leave it enabled though because at times it is nice to not have to ask for a user's password, or reset it. My root passwords are normally 64 characters though, so I don't worry about someone having the same pass as it is highly unlikely.

dansgalaxy · Dec 18, 2008

Voltar said:
This has been a feature of cPanel for awhile iirc, however you can disable it in WHM under Tweak Settings. I believe the setting is called "disable login to accounts using root/reseller password" or something like that.

Most of the time I leave it enabled though because at times it is nice to not have to ask for a user's password, or reset it. My root passwords are normally 64 characters though, so I don't worry about someone having the same pass as it is highly unlikely.

my point exactly

Thread starter	Similar threads	Forum	Replies	Date
C	How do I change the username and password for my reseller account (master login to cpanel)	Security	2	Jun 18, 2020
W	Checking for accounts with same username and password	Security	2	Feb 19, 2008
M	Password that is the same as your username?	Security	10	Mar 23, 2006
M	Change CPanel/MySQL password for user at the same time	Security	1	Mar 15, 2006
A	resellers creating accounts with same username and password	Security	2	Jun 17, 2005

Search

Search

User password the same as root issue

littlened

Registered

brianoz

Well-Known Member

littlened

Registered

brianoz

Well-Known Member

dansgalaxy

Well-Known Member

Voltar

Well-Known Member

dansgalaxy

Well-Known Member