The single user can view other user's cPanels when logged in via server's url
Hi all,
I am trying to find out why if a users logged into their cPanel via server's url:
https://one.servername.com:2083 they can see a dropdown with all the accounts and they can get into other people's cPanels?
I tried to change Tweak Settings -> System -> Accounts that can access a cPanel user account: -> cPanel User Only
but that has hidden the cPanel icon to a root user in WHM and that causes the other problem?
There must be other settings to keep the cPanel Icon so the root user can access cPanels from the list of users but hide the drop down selector when any user logs in via server's url?
This is not happening when user logs via his domain url: perticulardomain.com:2083
What am I missing?
-
Hey there! Does that user possibly have the same password as root?
0 -
Huh, it does. Somehow, it does.
So that might be the reason.
How come when I change the root password, it has changed the password to many users to that new password?0 -
It doesn't - changing the root password is not in any way related to the cPanel users. However, you can likely still login with the root password for other users.
0 -
For some reason, with my WHM that is the case. I have changed the root password in WHM and that changed the passwords for all the other users.
0 -
There is no mechanism in cPanel that would do that. It would be worth reviewing the security of your system to ensure it has not been compromised.
0 -
Ok, how can I do that?
0 -
I'm not sure, as cPanel doesn't provide those types of services.
You could first confirm this is happening by changing the root password and then seeing if data in /etc/shadow or /etc/passwd changes for all users at the same time, as that seems very unlikely.
0 -
I have changed the password again and checked /etc/shadow and it changed all the passwords for all users. I can log in with any user with that new password. Does it look like a WHM bug?
0 -
Definitely not a WHM bug. It sounds like the server has been compromised.
0 -
Well, any clue what can be wrong as I noticed this from the day I got the server?
I run the security software on the server and all accounts come up clean.
Could it be that the server was not set up properly? What could cause the WHM to change the passwords for all users by changing the root password?0 -
No, there really isn't a good explanation for this behavior.
How are you confirming the change to /etc/shadow? Does the password hash change for all users at the same time?
0 -
Well, I do not see the time in the etc/shadow but all the accounts are there and they finish with
::99999:7:::
And then when I try to log in I can log into any account with the newly setup root password.
I tested 10 random accounts and they all have that new password. And every time I test other 10 accounts when I change the root password.
Is it safe for me to post here the sample of etc/shadow file?0 -
That all sounds like normal behavior to me - all the passwords always end with that string as that isn't actually the password, and you will always be able to access accounts with the root password.
Everything you've described so far indicates a normally-functioning system since that is the case.
0 -
But this means that all the users have now new passwords? They have the passwords that I have setup for root user.
Does that sound right?
0 -
No - it just means that the system is setup to allow you to login with any user with the root password.
0 -
I have just tested one account and I can log in with both their old password and the new one I have setup for the root user.
So that is normal?0 -
Yes, that is normal behavior.
1 -
Ok, I see.
0 -
Hi cPRex,
I am trying to troubleshoot on who did some password changes on some accounts and following this info but I can't get the Terminal to read anything.https://support.cpanel.net/hc/en-us/articles/1500000687862-How-to-determine-if-a-cPanel-user-changed-their-password-using-the-cPanel-interface
What would be the working command to see when the password has been changed in cPanel?OSAlmaLinux v8.9.0 STANDARD hyper-vcPanel Version118.0.60 -
When you say you can't get the Terminal to read anything, can you get me more details? Running this command:
grep changepass /usr/local/cpanel/logs/access_log|grep cpusername|grep POST
and adjusting the "cpusername" variable should give you results.
0
Please sign in to leave a comment.
Comments
20 comments