Username allowed in password

Sis.temas

• May 19, 2020 02:50

I have recently verified that you can use your own username as a password (at least for email from CPanel) Example: Email: john.smith23@example.com Password: john.smith23 My CPanel says it is a very secure password!! Is there a way to prevent this terrible feature?

• 

  GOT

  • May 19, 2020 15:33

  Are you the root admin? If so, set you password strength minimums much higher. Its in whm in the security section.

  0
• 

  Sis.temas

  • May 19, 2020 16:44

  That wouldn't help much because the password "john.smith23", which is exactly the username, has already a score of 94. There should be a specific check that the username is not contained in the password. After reading this I would think that this option would exist:

  0
• 

  cPanelLauren

  • May 19, 2020 21:37

  That Feature request you note is referencing the cPanel account's username you're referencing an email account - which I'd assume would be different. I do agree with you that this should not be the case. I was able to replicate this and I will open a case on this and update you of the case ID as soon as I have it available.

  0

Please sign in to leave a comment.