Warning to cpanel users

[Zero]

make sure you have a very secure root passowrd set. After recent updates if you were to add a client domain even though a different username with the same password as your root password That user would have root access to everyones domains

[ECF]

Ouchy! That's not good.

[bryan]

I noticed that when I made a sub site with different username but same password. I still login with my WHM access

[swish]

Sounds like some developer made a boo-boo. Thats not good at all.

[Defcon|Rich]

Has there been any updates pushed out to patch this?

[Zero]

Not as of yet they havent. I only found out by accident cause i use 10 domains with the same password and wondered why i had the fropdown up at the top of cpanel to switch between other peoples account. however this doesnt effect user accounts with the same password just make sure the root password is a really secure one

[DeadBeet]

Who would make their Root password something simple?? Thats stupidity...

[TheHeartSmasher]

The root password should be alphanumeric and not be in the form of a word or phrase.

[kalyse]

CPanel used to be my favourite panel but then I used Plesk and prefer that a lot. Im surpsied this problem exists, have Cpanel mentioned it as a securiy problem anywhere or on their site?