Users are allowed to change to any account

Operating System & Version
CentOS v7.9.2009
cPanel & WHM Version
110.0.10

hgonzale3

Hello, hello friends. I hope everything is OK.

My story: I have an "old" server (since 2003) running cPanel for my websites and some friends. It is not really a reseller for business, but anyway, I have accounts for friends and companies in development.

Some days ago I discovered many files and stuff in many accounts, and new email accounts.

I am doing a full review of everything and I discovered (I don't know since when this issue has been happening) that EVERY account is able to switch to another account that is under the same "reseller".

The accounts AREN'T resellers or root...

Look at this please, from WHM:

Image 01: the account aisnetworks is under the reseller gilberto. It IS NOT a reseller!!!!!
Image 02: logging in as a cPanel user via www.serveraddress.com/cpanel (port 2083). User: aisnetworks
Image 03: Look how I am able to switch to ANY account that is under the same reseller!

As you can see in image 04, I have the following in Tweak Settings:

Accounts that can access a cPanel user account: Root, Account-Owner, and cPanel User default

It is the normal option. As I understand it, root can access user accounts, the reseller owner can access cPanel accounts, and the user can access "only" his own account.

That is what I understand...

Thank you to anybody that can help me with how to avoid it.

It is a pleasure!
 


hgonzale3

Hey there! Is it possible this user shares the same password as the reseller user? If so, that could explain the behavior. Could you also confirm what cPanel version you are using?
I am not able to know the passwords of the users/friends. Everybody uses their own passwords. But all my accounts (I have 4), with different passwords, are allowed to see ALL the accounts under the same "reseller" (gilberto).

gilberto is the main account; under gilberto there are about 20 accounts, mine are 4.... 4 are able to see ALL the other accounts under "gilberto".

Really, I don't know since when it has been happening. I don't log in to cPanel very much. I don't need to create emails or anything, I don't update my webpage; it is more an email server for me and space for friends. Really, I don't know since when it is happening.

I discovered it because one friend's account was "hacked" (password leaked) and somebody entered his account and installed fake Coinbase phishing sites... but the "hacker" also installed the same on ALL the accounts under the same reseller. I discovered which account it was (logging in from Nigeria) and the hacker was able to put files on all the sites... using this "problem"....

I have the following:


CentOS v7.9.2009 STANDARD standard
cPanel Version 110.0.10
 

cPRex

Jurassic Moderator
Staff member
Thanks for the additional details. The only time I've seen this happen is when the user that you're logging in with shares the password with either root or a reseller. There isn't another way to make that happen.

The only way to confirm this would be to request the password from the user in question. You could also reset the password for the account in question to something completely random and then see if the behavior stays the same.
 

hgonzale3

Thank you for your info, but.. in general, my root password doesn't match in any case with my other 4 accounts.... I am 100% sure hahaha, they even have different lengths.

And just talking, how is it possible that you can have root access just because your password matches the root password? Imagine, it is possible to have a coincidence... it is just probability, close to 0, but never 0.....

And remember, I have 4 accounts.... 4 with different passwords (ais.... internet, masamor, acceso.....) and all of them can change to any account!
 

quietFinn

You can always give a link to this thread in the ticket.