WebHostGear.com - the hosting resource for professionals
August 29, 2008

Disabling Password Reset Option



By: ramprage | Average rating: 6.00 from 9 voter(s)

cPanel recently announced a new vulnerability in the password reset option on its servers.
We'll show you how to turn off the password reset option for failed logins to cPanel through Web Host Manager (WHM).

Description
The feature "Allow cPanel users to reset their password via email", found in the "Tweak Settings" section of Web Host Manager, allows a cPanel user to run some commands as the root user.

It's strongly suggested that all cPanel users disable this feature.

Affected Systems
All builds of cPanel on all platforms up to and including 9.1.0 build 34 are vulnerable; all builds after that have been fixed.

Step 1) Fixing The Problem - Disable It

1. Log in to your WHM control panel as root.

2. Click on Tweak Settings in the upper left-hand corner.

3. Scroll down until you see "Allow cPanel users to reset their password via email".

4. Uncheck the check box and click Save.


Article provided by WebHostGear.com
Step 2) Fixing The Problem - Update cPanel
You can also update your cPanel server to the latest release, which fixes this issue.


1. Log in to your WHM control panel as root.

2. Click on Upgrade to Latest Version in the bottom right-hand corner.

Your server is now protected from this exploit!
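To confirm on several servers that neither fix was missed, the script below combines the affected-build range with the state of the reset option. It is an added example, not from the original article or from cPanel. It assumes the release is supplied as a version plus build number and that the setting is stored as a `resetpass=0|1` line in a key=value config file; the key name and the input format are both assumptions to verify on your own installation.

```sh
#!/bin/sh
# Added example: not cPanel or WebHostGear code.
# Assumptions: the release is passed in as MAJOR.MINOR.PATCH plus a build number,
# and the Tweak Settings checkbox is stored as a resetpass=0|1 line (assumed key).
LAST_VULN_VERSION=9.1.0   # article: vulnerable up to and including
LAST_VULN_BUILD=34        # 9.1.0 build 34

# is_affected VERSION BUILD: 0 = vulnerable range, 1 = fixed, 2 = unparseable
is_affected() {
    ver=$1 build=$2
    case $ver in ''|.*|*.|*..*|*[!0-9.]*) return 2 ;; esac
    case $build in ''|*[!0-9]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ver $LAST_VULN_VERSION   # split both versions on dots
    IFS=$old_ifs
    [ $# -eq 6 ] || return 2
    for pair in "$1:$4" "$2:$5" "$3:$6" "$build:$LAST_VULN_BUILD"; do
        have=${pair%%:*} last=${pair##*:}
        [ "$have" -lt "$last" ] && return 0
        [ "$have" -gt "$last" ] && return 1
    done
    return 0   # exactly 9.1.0 build 34 is still vulnerable
}

# reset_setting FILE: prints enabled, disabled or unknown (last line wins)
reset_setting() {
    val=$(sed -n 's/^resetpass=//p' "$1" 2>/dev/null | tail -n 1)
    case $val in
        0) echo disabled ;; 1) echo enabled ;; *) echo unknown ;;
    esac
}

# audit VERSION BUILD FILE: one-line verdict; unknowns are never reported as safe
audit() {
    rc=0; is_affected "$1" "$2" || rc=$?
    setting=$(reset_setting "$3")
    case "$rc:$setting" in
        1:*)        echo "OK: build is later than $LAST_VULN_VERSION build $LAST_VULN_BUILD" ;;
        0:disabled) echo "MITIGATED: vulnerable build, reset disabled; still update cPanel" ;;
        0:*)        echo "AT RISK: vulnerable build, reset $setting; disable it in Tweak Settings" ;;
        *)          echo "UNKNOWN: cannot parse version '$1' build '$2'" ;;
    esac
}

sample=$(mktemp)   # constructed sample config, not taken from a real server
printf 'other_key=0\nresetpass=1\n' > "$sample"
audit 9.1.0 34 "$sample"
audit 9.1.0 35 "$sample"
rm -f "$sample"
```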

Sources
http://www.securityfocus.com/archive/1/357172/2004-03-09/2004-03-15/0


