Author Topic: User password stored in plain text into cwp_api.log (Read 6857 times)

cexpert · « **on:** April 14, 2019, 03:47:07 PM »

User password can be read in plain text from cwp_api.log
I beleive it may have been put there by the cpanel miration script, example line:
19-03-24 03:21:30 {domain:*main domain*,user:*username*,pass:*password*,email:*email*,inode:0,nproc:40,nofile:100,package:15,shell:null,ip:173.208.244.19,backup:ON,ssl:null}

Isn't having user password stored in plain text in a log file a security issue?

josemnunez · « **Reply #1 on:** April 15, 2019, 09:40:14 AM »

Hello

Thanks for the report

We have resolved this details and will be available for our next version

Control Web Panel

Author Topic: User password stored in plain text into cwp_api.log (Read 6857 times)

User password stored in plain text into cwp_api.log

Re: User password stored in plain text into cwp_api.log