Users can login using root's password!

Hi,
today in a fresh installation I created the first user, with its username and its password.
The I went to the user web panel and (for mistake) I use the user's username and root's password, then .... I got correctly logged in!
I tried to replicate the behavior on a new installation, and I got the same problem.
User can successfully login both with its own password and root's password as well... how can it be??

That's perfectly fine and how things should be!
Why do you see a problem - unless you're gonna tell all your users the root password?
Jeez!

(Does facebook/instagram allow you to search for cheap Windoze shared hosting?)

That's fine.
Maybe this is wanted to allow admin to log in and see users' side without asking them their password?

That's fine.
Maybe this is wanted to allow admin to log in and see users' side without asking them their password?

Ta Da! The penny has dropped. (Took long enough.) 

http://wiki.centos-webpanel.com/how-can-root-login-as-a-user

This is how it should work, and this method works as long as the User don't enabled the 2FA Authentication.

If the User has 2FA enabled you can still login but using the direkt link in the Admin Panel under Accounts, even if 2FA is enabled.