[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Cpanel Admin login (username) Disclosure

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Cpanel Admin login (username) Disclosure
From: Sumit Siddharth <sumit.siddharth@xxxxxxxxx>
Date: Wed, 8 Feb 2006 11:09:17 +0530

Hi, could somebody kindly confirm this.
When a null username and a null password is provided in the cpanel
administration, port 2082, (basic authorization prompt) and then cancelling
the prompt the second time, the webpage presents a hyperlink to reset the
password which contains valid username for the cpanel administration.
Thanks
Sumit


--

Sumit Siddharth

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Cpanel Admin login (username) Disclosure
  - From: h4cky0u

Prev by Date: RE: [Full-disclosure] gnucitizen.org - Massive Enumeration Toolset:OFFLINE?
Next by Date: [Full-disclosure] Re: cPanel Multiple Cross Site Scripting Vulnerability
Previous by thread: RE: [Full-disclosure] gnucitizen.org - Massive Enumeration Toolset:OFFLINE?
Next by thread: Re: [Full-disclosure] Cpanel Admin login (username) Disclosure
Index(es):
- Date
- Thread