Zero Posted May 27, 2007 Share Posted May 27, 2007 make sure you have a very secure root passowrd set. After recent updates if you were to add a client domain even though a different username with the same password as your root password That user would have root access to everyones domains Link to comment Share on other sites More sharing options...
ECF Posted May 27, 2007 Share Posted May 27, 2007 Ouchy! That's not good. Link to comment Share on other sites More sharing options...
bryan Posted May 27, 2007 Share Posted May 27, 2007 I noticed that when I made a sub site with different username but same password. I still login with my WHM access Link to comment Share on other sites More sharing options...
swish Posted May 27, 2007 Share Posted May 27, 2007 Sounds like some developer made a boo-boo. Thats not good at all. Link to comment Share on other sites More sharing options...
Defcon|Rich Posted May 28, 2007 Share Posted May 28, 2007 Has there been any updates pushed out to patch this? Link to comment Share on other sites More sharing options...
Zero Posted May 28, 2007 Author Share Posted May 28, 2007 Not as of yet they havent. I only found out by accident cause i use 10 domains with the same password and wondered why i had the fropdown up at the top of cpanel to switch between other peoples account. however this doesnt effect user accounts with the same password just make sure the root password is a really secure one Link to comment Share on other sites More sharing options...
DeadBeet Posted May 29, 2007 Share Posted May 29, 2007 Who would make their Root password something simple?? Thats stupidity... Link to comment Share on other sites More sharing options...
TheHeartSmasher Posted May 30, 2007 Share Posted May 30, 2007 The root password should be alphanumeric and not be in the form of a word or phrase. Link to comment Share on other sites More sharing options...
kalyse Posted June 3, 2007 Share Posted June 3, 2007 CPanel used to be my favourite panel but then I used Plesk and prefer that a lot. Im surpsied this problem exists, have Cpanel mentioned it as a securiy problem anywhere or on their site? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.