New mod_security ruleset for comment spammers Published: Jun 16, 2006
  • Rating

    0/5

How to turn off the password reset option for failed logins to Cpanel.

Cpanel recently announced a new vulnerability for their servers for the password reset option.
We'll show you how to turn off the password reset option for failed logins to Cpanel through Web Host Manager.

Description
The feature "Allow cPanel users to reset their password via email",
found in WebHostManager in the "Tweak Settings" section allows for a
cpanel user to run some commands as the root user. 

It's strongly suggested that all Cpanel users disable this feature.

Affected Systems
All builds  of Cpanel on all platforms are vulnerable up to and including (9.1.0
build 34), all builds after that have been fixed.

Step 1) Fixing The Problem - Disable It

1.
Login into you WHM control panel as root.

2. Click on Tweak Settings in the upper left hand corner.

3. Scroll down until you see "Allow cPanel users to reset their password via email"

4. Uncheck the check box and click Save.

Click the screenshot for a larger image.
Disable password reset for Cpanel servers in WHM - click for enlarged version

Step 2) Fixing The Problem - Update Cpanel
You can also update your Cpanel server to the latest release, which now fixes this issue.

1. Login into you WHM control panel as root.

2. Click on Upgrade to Latest Version on the bottom right hand corner.

Your server is now protected from this exploit!

  • Rating

    0/5

Related Articles

Comments (0)

No one has commented on this page yet.

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2017 WebHostGear.com