Full Disclosure mailing list archives
cPanel check only the first 8 characters of webmail password
From: Andrey Bayora <andrey () hiddenbit org>
Date: Thu, 21 Oct 2004 11:26:52 -0500
cPanel check only the first 8 characters of webmail password.

HiddenBit.org Security Advisory.

Date: October 21, 2004
Software: cPanel 9.4.1-STABLE 65
Author: Andrey Bayora

BACKGROUND

cPanel & WebHost Manager (WHM) is a next generation web hosting control panel system. Both cPanel & WHM are extremely feature rich as well as include an easy to use web based interface (GUI).

DESCRIPTION

When you set a long and secure password for your webmail account, cPanel will successfully process your login by using only the first 8 characters of your original password.

For example: your password = 1234567890#@! - if you enter only 12345678 you'll login successfully.

SOLUTION

None yet; needs vendor development.

WORKAROUND

Choose a complex password within the 8 characters range.

TIMELINE

20.10.2004 Vendor notification by HiddenBit.org
20.10.2004 Vendor responded and published bug at bugzilla.

Reference: http://bugzilla.cpanel.net/show_bug.cgi?id=1455

HiddenBit.org is a non-profit Israeli security research team.

Disclaimer

The information within this advisory may change without notice. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatever arising out or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
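A regression check for the behaviour the advisory describes, as an added example that is not part of the original post and is not cPanel code. `TruncatingStore` is a constructed stand-in that keeps only the first 8 bytes of a password (the advisory does not say how cPanel stores passwords); `effective_length` is a hypothetical helper that reports the shortest prefix a verifier accepts, so it can be pointed at any password backend in a test suite.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # kept low so the check runs quickly; not a production setting


def _kdf(password: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS)


class TruncatingStore:
    """Constructed stand-in: only the first LIMIT bytes reach the hash."""
    LIMIT = 8

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.digest = _kdf(password.encode()[:self.LIMIT], self.salt)

    def verify(self, candidate: str) -> bool:
        got = _kdf(candidate.encode()[:self.LIMIT], self.salt)
        return hmac.compare_digest(got, self.digest)


class FullLengthStore(TruncatingStore):
    """Same scheme with no truncation (slice [:None] keeps every byte)."""
    LIMIT = None


def effective_length(store_cls, password: str):
    """Shortest proper prefix of `password` that authenticates, or None
    when only the complete password is accepted."""
    store = store_cls(password)
    if not store.verify(password):
        raise RuntimeError("verifier rejects the correct password")
    for n in range(1, len(password)):
        if store.verify(password[:n]):
            return n
    return None


if __name__ == "__main__":
    sample = "1234567890#@!"  # the example password from the advisory
    for cls in (TruncatingStore, FullLengthStore):
        n = effective_length(cls, sample)
        verdict = f"accepts first {n} characters" if n else "requires full password"
        print(f"{cls.__name__}: {verdict}")
```

A verifier that returns anything other than `None` here is ignoring part of the password, which caps its strength at the reported length regardless of what the user typed.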