User password the same as root issue

Discussion in 'General Discussion' started by littlened, Dec 18, 2008.

  1. littlened

    Hi all,

    I have cPanel installed on a VPS. Yesterday I created a new account which used the same password as the root user. When I then logged into the account, I had the drop-down at the top of the homepage showing all accounts on the server.

    I changed the password for the user, logged out and back in again, and everything was back to normal.

    I thought this was strange and wondered if this might be a bug?

    I should probably also notify my hosting company.
     
  2. brianoz

    Fairly sure that's a feature. Easy fix: don't have the passwords the same. :P
     
  3. littlened

    A feature? Surely it's a security risk?
     
  4. brianoz

    If you think about it, you'll realize it's not a security risk. Simply use a secure password for root and you're fine.
     
  5. dansgalaxy

    I see your thoughts of what if a user happens to use the same password as root, which is why root passwords should really be VERY long and VERY complex

    like R545VD!sdcdm)(k??>
     
  6. Voltar

    This has been a feature of cPanel for a while, IIRC; however, you can disable it in WHM under Tweak Settings. I believe the setting is called "disable login to accounts using root/reseller password" or something like that.


    Most of the time I leave it enabled though because at times it is nice to not have to ask for a user's password, or reset it. My root passwords are normally 64 characters though, so I don't worry about someone having the same pass as it is highly unlikely.
     
    #6 Voltar, Dec 18, 2008
    Last edited: Dec 18, 2008
  7. dansgalaxy


    My point exactly ;)
     