
Full Disclosure mailing list archives

cPanel check only the first 8 characters of webmail password
From: Andrey Bayora <andrey () hiddenbit org>
Date: Thu, 21 Oct 2004 11:26:52 -0500

cPanel checks only the first 8 characters of the webmail password.

HiddenBit.org Security Advisory.

Date: October 21, 2004

Software: cPanel 9.4.1-STABLE 65

Author: Andrey Bayora


cPanel & WebHost Manager (WHM) is a next generation web hosting control
panel system. Both cPanel & WHM are extremely feature rich and
include an easy-to-use web-based interface (GUI).


When you set a long and “secure” password for your webmail account, cPanel
will successfully process your login using only the first 8
characters of your original password. For example: your password =
1234567890# () !  - if you enter only 12345678 you’ll log in successfully.


None yet – needs vendor development.


Choose a complex password within the 8-character range.


20.10.2004 Vendor notification by HiddenBit.org
20.10.2004 Vendor responded and published the bug at Bugzilla.


HiddenBit.org is a non-profit Israeli security research team.


The information within this advisory may change without notice. There
are no warranties, implied or express, with regard to this information.
 In no event shall the author be liable for any direct or indirect
whatever arising out or in connection with the use or spread of this
information. Any use of this information is at the user's own risk.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
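Added example, not part of the original advisory and not cPanel's code: a self-test an administrator can run against a login check with a password they own, to see whether characters past a prefix are ignored as described above. The two verifiers, the PBKDF2 parameters and the sample password are constructed stand-ins; the advisory does not state how cPanel stores or compares passwords.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # constructed demo value, not a production work factor
SAMPLE = "correct-horse-9!"  # constructed 16-character test password


def _kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)


def make_truncating_verifier(password: str, limit: int = 8):
    """Stand-in for the reported behaviour: only the first `limit` characters count."""
    salt = os.urandom(16)
    stored = _kdf(password[:limit], salt)
    return lambda attempt: hmac.compare_digest(_kdf(attempt[:limit], salt), stored)


def make_full_verifier(password: str):
    """Reference behaviour: every character of the password feeds the hash."""
    salt = os.urandom(16)
    stored = _kdf(password, salt)
    return lambda attempt: hmac.compare_digest(_kdf(attempt, salt), stored)


def shortest_accepted_prefix(verify, password: str) -> int:
    """Length of the shortest prefix of `password` that `verify` accepts."""
    for n in range(1, len(password) + 1):
        if verify(password[:n]):
            return n
    raise ValueError("verifier rejects the full password")


def ignores_suffix(verify, password: str) -> bool:
    """True if the characters after an accepted shorter prefix do not matter."""
    n = shortest_accepted_prefix(verify, password)
    filler = "x" * (len(password) - n)  # same length, different tail
    return n < len(password) and verify(password[:n] + filler)


if __name__ == "__main__":
    for name, factory in (("truncating", make_truncating_verifier),
                          ("full", make_full_verifier)):
        check = factory(SAMPLE)
        print(name, shortest_accepted_prefix(check, SAMPLE),
              ignores_suffix(check, SAMPLE))
```

Against a real service, `verify` would wrap one login attempt with the account's own password; a result below the password's length means the extra characters add no strength.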
