Results 1 to 6 of 6
  1. #1
    Join Date
    May 2007
    Posts
    73

    cPanel logins client without their details to another account

    One of my clients reported that when he entered his domain (example.com/cpanel) he was directly logged into another account. Without being asked for username/passord.

    Somebody have any experience with this problem here, and what I can do to quickly solve/resolve the issue ?

  2. #2
    Join Date
    Mar 2008
    Location
    England, UK
    Posts
    114
    If he has cookies stored for his domain on his PC and already logged in already once with the browser still open from logging in at an earlier time, his session cookie will still be saved and active, which will keep him logged in..

    However, the fact it wasn't 'his' account did you say? Is another problem.. Is he sure it isn't his? Or is it a reseller maybe and he's accessing 1 of his clients accounts?

  3. #3
    Join Date
    May 2007
    Posts
    73
    It was infact my own private package he had access to. Soo that makes me think its some sort of failure in the system.

    This client has been with my for a good amount of time, soo I know that he is'nt "cracking/hacking" my system.


    Nobody has hear anything about this type of security issue with cPanel/WHM ?

  4. #4
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    How do you know for certain he had access to your account? Have you checked the logs to see if he really did have access to your cPanel account?

    /usr/local/cpanel/logs/access_log
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  5. #5
    It is cPanel bug. All STABLE and RELEASE users are strongly urged to update to their respective 11.18.6 release. CURRENT and EDGE users should update to the latest 11.23.1 release.
    RVGlobalSoft, Revolution Happens Everyday
    http://www.RVGlobalSoft.com - 2-factor authentication, SSL Certificate at wholesale price
    http://www.RVSiteBuilder.com - Website Builder for Hosting Provider.

  6. #6
    Join Date
    May 2003
    Posts
    1,664
    There is also another bug/feature that if any 2 accounts share a password they can see each others accounts. cPanel reported that it was a feature and not a bug even though a *nix system does not perform this function on any platform I have EVER worked on.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •