WHM root password

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    WHM root password

    Hi,

    so ive been playing about with WHM as its the first time ive used it. and ive created an account for my billing software with a new domain.

    if i have the same password on the billing cpanel account as the whm account, i get the option to switch between all the user accounts under my whm even when logging in with the billing account username. Is this not a massive security hole if a client was to have the same password as the whm account?

    if this makes no sesnse il try explaining again..

    #2
    Originally posted by james141 View Post
    Hi,

    so ive been playing about with WHM as its the first time ive used it. and ive created an account for my billing software with a new domain.

    if i have the same password on the billing cpanel account as the whm account, i get the option to switch between all the user accounts under my whm even when logging in with the billing account username. Is this not a massive security hole if a client was to have the same password as the whm account?

    if this makes no sesnse il try explaining again..
    It can be termed as a security hole though, but why would one keep a simple password in the first case? A 16 digit, random alpha+numeric+special-character password would be impossible to hack or guess or sheer coincide for anyone to put & browse through all accounts from WHM

    You can also restrict WHM access to certain IPs only from the following as an added security measure:

    Main >> Security Center >> Host Access Control >> Host Access Control
    Rock _a.k.a._ Jack Daniel

    Follow eUKhost on Twitter || Join eUKhost Community on Facebook

    Comment


      #3
      Hi,

      yeah my password is secure, i was just a little shocked and confused when i logged in and saw i could switch between accounts

      cheers
      James.

      Comment


        #4
        Yeah, also another similar thing will happen due to the IP address being the same. For example, if you have two sites on your server, test1.com and test2.com, it won't matter if you go to test1.com/cpanel and enter the details for test2s account - you will still be logged into test2s cpanel.
        David Smith
        Managing Director
        DPS Computing Limited

        - Massive update! (September 2011) - It's now not neglected!!
        - New Site (10/2009)

        Comment


          #5
          Yep, which could be quite handy for reseller hosting. One login on my company page for all clients

          Comment


            #6
            Originally posted by james141 View Post
            Yep, which could be quite handy for reseller hosting. One login on my company page for all clients
            Indeed, it is most definitely useful for that . It can save a lot of confusion with less technically able users .
            David Smith
            Managing Director
            DPS Computing Limited

            - Massive update! (September 2011) - It's now not neglected!!
            - New Site (10/2009)

            Comment

            Working...
            X