Author Topic: Problem that can cause security problems  (Read 19651 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Problem that can cause security problems
« on: September 06, 2019, 02:08:55 PM »
I have find a problem generating the password of databases on users control panel that can be a source for security problems.
Probably most people don't see it but when you go to the users control panel and create a new DB the suggested password is always "lFz9Tmpp8c", most people will use it, if someone find your db name can access it using phpmyadmin for example.

In 1m with this password I find random website and was able to access the phpmyadmin.

There are a second problem in the same form but not cause any harm, we have some options to change the size of the password created but don't work.
« Last Edit: September 06, 2019, 02:11:01 PM by kandalf »

Offline
*
Re: Problem that can cause security problems
« Reply #1 on: November 18, 2019, 06:15:01 PM »
This is a massive security problem and seems that no one cares.
I found a second suggested password that seems to be used by many users that belive that CWP is creating a random password, instead of that CWP is giving allways the same passwords.

The second password that you should never use is "r6KnZEQrWA"

Offline
*
Re: Problem that can cause security problems
« Reply #2 on: November 19, 2019, 03:48:08 AM »
i care , and i see that from longtime ago without anything changes :\
sync 2017

Offline
**
Re: Problem that can cause security problems
« Reply #3 on: November 19, 2019, 08:59:26 PM »
I too have noticed that...it is a bit of a worry because people always believe that "auto-generated" passwords given by the system are random and therefore use them.

This is a very very dangerous problem for everyone who is being hosted by a CWP server. It needs to be fixed as a matter of priority. However, the other issue that goes along with this is the CWP passwords (no special characters restriction) and 8 character maximum password length for certain things. These are i think also a major problem that is causing a lot of other operations in CWP to fail all the time (because quite often users have passwords longer than 8 characters (because aut generators in various apps use passwords longer than that) and with special characters.

Offline
*****
Re: Problem that can cause security problems
« Reply #4 on: November 20, 2019, 10:52:48 AM »
Hi

This problem has been resolved for the latest version of CWP

Offline
*
Re: Problem that can cause security problems
« Reply #5 on: November 20, 2019, 05:44:05 PM »
Thank you, now the cwp team also can fix the option in front of this passwords to select the length and characthers of the password because at least for me this options open and close without change anything