Author Topic: User password stored in plain text into cwp_api.log  (Read 804 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
User password stored in plain text into cwp_api.log
« on: April 14, 2019, 03:47:07 PM »
User password can be read in plain text from cwp_api.log
I beleive it may have been put there by the cpanel miration script, example line:
19-03-24 03:21:30 {domain:*main domain*,user:*username*,pass:*password*,email:*email*,inode:0,nproc:40,nofile:100,package:15,shell:null,ip:173.208.244.19,backup:ON,ssl:null}

Isn't having user password stored in plain text in a log file a security issue?

Offline
*
Re: User password stored in plain text into cwp_api.log
« Reply #1 on: April 15, 2019, 09:40:14 AM »
Hello

Thanks for the report

We have resolved this details and will be available for our next version