-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On
Behalf Of Ritesh Agrawal
Sent: Wednesday, February 08, 2006 6:10 PM
To: [email protected]
Subject: [linuxtechbiz] Re: Cpanel Admin login (username) Disclosure
1 cent from my side :-) .. we can get valid username by entering NULL
username and password on authentication window of cpanel and request for
password reset.
--- In [email protected], "Rahul Baweja" <[EMAIL PROTECTED]> wrote:
>
> yeah you can say that..
>
> _____
>
> From: [email protected]
[mailto:[EMAIL PROTECTED] On
> Behalf Of Soi, Dhruv
> Sent: Wednesday, February 08, 2006 5:22 PM
> To: [email protected]
> Subject: RE: [linuxtechbiz] Cpanel Admin login (username) Disclosure
>
>
> coool! so most of the servers with remote management on Cpanel are
on big
> threat!
>
> -D
>
> -----Original Message-----
> From: [email protected]
[mailto:[EMAIL PROTECTED] On
> Behalf Of Rahul Baweja
> Sent: 09 February 2006 05:17
> To: [email protected]
> Subject: RE: [linuxtechbiz] Cpanel Admin login (username) Disclosure
>
>
>
> Basically if you have a\given an email ID in the admin it would send
a link
> to reset the password on that ID.....and yes it does show a valid
username
> ...old password is not required to reset ..
>
> _____
>
> From: [email protected]
[mailto:[EMAIL PROTECTED] On
> Behalf Of Soi, Dhruv
> Sent: Wednesday, February 08, 2006 5:11 PM
> To: [email protected]
> Subject: RE: [linuxtechbiz] Cpanel Admin login (username) Disclosure
>
>
> does it allow you to reset the password without asking the old
password? or
> its just showing your the valid username and you need the old
password to
> reset it?
>
> -----Original Message-----
> From: [email protected]
[mailto:[EMAIL PROTECTED] On
> Behalf Of Rahul Baweja
> Sent: 09 February 2006 04:59
> To: [email protected]
> Subject: RE: [linuxtechbiz] Cpanel Admin login (username) Disclosure
>
>
> Hi Dhruv...
>
> same here ... even I could do that..
>
> Rahul
> _____
>
> From: [email protected]
[mailto:[EMAIL PROTECTED] On
> Behalf Of Soi, Dhruv
> Sent: Wednesday, February 08, 2006 4:18 PM
> To: [email protected]
> Subject: [linuxtechbiz] Cpanel Admin login (username) Disclosure
>
>
> Would anyone from group like to try this and confirm back to us?
>
> -D
>
>
> Subject: Re: [Full-disclosure] Cpanel Admin login (username)
> Disclosure
>
>
> Yup i could reproduce that with all the sites i tried it on.
>
>
> On 2/8/06, Sumit Siddharth <[EMAIL PROTECTED]> wrote:
>
> Hi, could somebody kindly confirm this.
> When a null username and a null password is provided in the cpanel
> administration, port 2082, (basic authorization prompt) and then
cancelling
> the prompt the second time, the webpage presents a hyperlink to
reset the
> password which contains valid username for the cpanel administration.
> Thanks
> Sumit
>
>
> --
>
> Sumit Siddharth
>
Yahoo! Groups Links
SPONSORED LINKS
| Computer security | Communication and networking | Computer memory |
| Computer training |
YAHOO! GROUPS LINKS
- Visit your group "linuxtechbiz" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
