The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Webmail login session in /tmp with password in plain text

Discussion in 'Security' started by enboig, Apr 24, 2012.

  1. enboig

    enboig Member

    Joined:
    Apr 25, 2008
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    While loggin using webmail to the reseller account, I checked the /tmp folder and I found a file containing my login info, and user and password where in plain text. Is it normal? Is this a security issue?

    -bash-3.2# lsof | grep tmp
    php-cgi 950 resaccount 3uW REG 253,2 5184383 59 /tmp/sess_a4737a98edbfb0be5c99ad580c6cef83
    ........

    -bash-3.2# cat /tmp/sess_a4737a98edbfb0be5c99ad580c6cef83
    login_auth|s:3:"YES";login_auth_user|s:8:"resaccount";login_auth_pass|s:18:"plainpass";......
     
  2. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    yup, I see that too. it's rather scary! Can anyone from cPanel comment on this?
     
  3. nwtg

    nwtg Active Member

    Joined:
    Dec 24, 2010
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Portland, Oregon
    cPanel Access Level:
    Root Administrator
    It's been this way for a while. I would suggest implementing support for suPHP.
     
    #3 nwtg, May 3, 2012
    Last edited: May 3, 2012
  4. RACKSET

    RACKSET Active Member

    Joined:
    Apr 28, 2006
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    localhost
    Any update for this?
     
  5. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    This came up in a security audit we performed on our software in March and we are planning to resolve this. The case number associated with this is case 39464.

    A few things to keep in mind:
    - These files are 0700, meaning only user root can read them
    - With source IP checking on cookies enabled (the default for the last couple major versions), simply editing one's cookie jar will not work to hijack another person's account. All this does is redirect to a login screen, prompting for the user's password.

    If anyone still has concerns (or thinks of new attack vectors), feel welcome to vocalize. However, we are currently targeting this (and other items discovered in our audit) to be fixed in version 11.34.
     
Loading...

Share This Page