cPanel (UNKNOWN VERSION) - changing the root password in WHM resulted in the plain text password being logged to cPanel's access_log



DESCRIPTION


When changing the root password in WHM, the $password2 variable, which stored the root password, was logged to /usr/local/cpanel/logs/access_log.



IMPACT


Minimal impact due to permissions on /usr/local/cpanel/logs/access_log being 600, root.root.