Control Web Panel

WebPanel => Migration from other control panels => Topic started by: cexpert on April 14, 2019, 03:47:07 PM

Title: User password stored in plain text into cwp_api.log
Post by: cexpert on April 14, 2019, 03:47:07 PM
User password can be read in plain text from cwp_api.log
I beleive it may have been put there by the cpanel miration script, example line:
19-03-24 03:21:30 {domain:*main domain*,user:*username*,pass:*password*,email:*email*,inode:0,nproc:40,nofile:100,package:15,shell:null,ip:173.208.244.19,backup:ON,ssl:null}

Isn't having user password stored in plain text in a log file a security issue?
Title: Re: User password stored in plain text into cwp_api.log
Post by: josemnunez on April 15, 2019, 09:40:14 AM
Hello

Thanks for the report

We have resolved this details and will be available for our next version