Logging into any reseller account using root's password

Rafcio

• December 08, 2017 07:52

Hello, today I have noticed that I am able to login into any reseller (WHM) account using root's password. I don't know if it's a bug or a feature :)

• 

  Infopro

  • December 08, 2017 13:02

  WebHost Manager "Server Configuration "Tweak Settings, System tab: Accounts that can access a cPanel user account: This setting specifies who can access a user"s cPanel account. Account-Owner refers to the particular reseller that owns the user account. Note: Disabling root access here will also disable root"s access to the Branding Editor in WHM.
  

  0
• 

  Rafcio

  • December 08, 2017 13:12

  So it's ok that I can go into WHM login page and type login: resellername password: rootpassword and log in?

  0
• 

  Infopro

  • December 08, 2017 13:21

  My apologies I misread your post. With root password you can login to any account.

  0
• 

  Rafcio

  • December 08, 2017 13:30

  No problemo, thank you for quick reply. I thought that it might be a bug causing potential security risk but with strong root password it should not be a problem. Anyway, is there any way to disable this feature?

  0
• 

  Infopro

  • December 08, 2017 15:00

  Adding Two Factor Authentication can add another layer of security to your system and accounts.

  0

Please sign in to leave a comment.