WebhostSecurity.com
ARTICLES
› Lessons Learned - Defense
› Lessons Learned - Offense
› Finding Bugs 1 - Softaculous
› Finding Bugs 2 - cPanel + Horde
› uid/gid Reuse Multi Vendor Issue
› Finding the WordPress 2.1.1 Backdoor
› Discovering Cdorked.A on cPanel
OFFENSE
› AtMail
› BFD
› cPanel
› CSF
› DirectAdmin
› Installatron
› Juniper
› Kloxo
› OSSEC
› Softaculous
› WHMEZLogin
› WHMReseller
DEFENSE
› STFN - Suspicious /tmp File Notifier
› ELM - Exim Log Monitor
› RFID - Remote File Inclusion Detector
› Twitter


WHMReseller 3.20 - usernames and passwords stored in plain text for everyone to see


DESCRIPTION

For every account that is created via WHMReseller, usernames and passwords are logged in plain text to world readable files:

-rw-rw-rw-  1 root root  500 Aug 25 16:17 /usr/local/cpanel/whostmgr/docroot/cgi/whmreseller/scripts/makesubresellerdebug
-rw-rw-rw-  1 root root 4736 Aug 25 16:17 /usr/local/cpanel/whostmgr/docroot/cgi/whmreseller/whmrdaemondebug

This is especially bad for this software since access to a reseller account allows anyone to execute commands as root.


IMPACT

Local users could obtain root privileges.


WebhostSecurity.com © 2009 - 2020