Paper Lantern for cPanel accounts is being retired this year. Find out more »
cPanel & WHM Version 102 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

Ability to view passwords for customers web accounts, FTP accounts, MySQL DB's & email accounts

Tony shared this idea 6 years ago
Needs Review

It would be nice to have the option to store every single password created for customer web accounts, including FTP accounts, MySQL databases, email accounts, etc. I know this maybe a security risk for some, but for those who have over 50 web hosting accounts, how can you keep track of all the passwords created within these hosting accounts. Resellers can have the option to turn on or off this feature. This could be set by the admin, so those who feel that it is a security risk and do not like it, they do not turn it on, but those who need this feature can turn it on. The reason I say we should have stored passwords is that I sometimes develop websites for clients and therefore I need to connect to FileZilla to upload/download files and this is when I need to see these passwords. Also some clients forget their passwords and contact us to retrieve them. Clients can also see their email accounts passwords, FTP passwords and MySQL passwords too. Also, I sometimes work with 3rd party technicians who for example set up Office 365 on various web hosting accounts and therefore they would need some of the passwords too. I hope this makes sense and is a logical idea.

Replies (9)

photo
3

To display the password in such as way would require us to either store the passwords in cleartext, or store them in a way as to be "easily" reversible. This is not something we are interested in pursuing.

photo
3

Hey Tony! You mentioned security risk, and that would be my first hesitation as well. Our typical users are fine with resetting passwords as needed, rather than retrieving an existing password. With root or reseller access you can easily reset any passwords you need, or use a password manager to retain any passwords that you will need in the future. Even on my own server if I use FTP to upload files (over sftp), I'll log in to reset the user's password.


We are working on Sub-cPanel-Users to allow you to share cPanel access without compromising ones cPanel password, and have added the ability for email users to reset their own password using an alternate email address that's configured through cPanel, to help alleviate some of the frustration that comes with customers forgetting their passwords.


I'll be very interested in hearing from the rest of the community to see how other folks feel about this request.

photo
2

Hi Benny,

This would make all the passwords easy to manage. For those afraid of security could have the option to switch if off completely from the admin level, i.e. just like it is now. At the moment resellers use SSL to access all their accounts, so that has some sort of security level.

Resetting of passwords is fine, but imagine all the password changes they you have to do on the email side, especially now as we rely more on our mobiles and imagine the complaints from our clients as resellers. If you could at least allow us to see email passwords first, then that would be a step in the right direction. It only makes sense.

photo
2

Hey Tony,


I totally understand why one would want this sort of behavior, and I apologize for having no incredibly nice way to put it: this is a dangerous and bad idea.


Effectively, to pull something like this off in a repeatable way, it means having to store those viewable passwords in plain text (or via a reversible hash) somewhere. With that notion, the ideas of PCI and HIPAA compliance both go out the window, and as a bonus, every CPanel box out there becomes a target for those wishing to exploit systems and grab user credentials.


Again, I get the reasons why this would be handy, but I couldn't justify any part of the downsides mentioned above (let alone those that weren't mentioned).

photo
2

Hey Tony,


The security implications have already been covered by Dennis and Benny. I'd like to briefly discuss the privacy aspect of this.


The sad fact of the internet is that humans re use passwords. The password that you have access to as part of this feature could easily be the same password that's used for the user's email or bank account. I'm sure you're a stand up guy, but let's say for the sake of argument that you have other intentions. There goes the neighborhood. I'm not a lawyer, but I'd wager that this feature could leave you exposed to civil liability if something goes wrong. In a perfect world it won't, but the world we live in is far from perfect.


Honestly, as an end user, I would stay away from any software that allowed this feature to be in place. It's far too risky in my opinion.

photo
1

You're basically asking for an option to disable password hashing. This is one situation where security has to outweigh convenience. No responsible product should allow you to do this if you are storing passwords.


You have the option to enable password resets to the email on file. This can help with customers who forget.


You have root access to mysql cli and phpmyadmin, never mind most peoples database credentials being stored in their php configuration files.


SSH keys are a bit tricky in filezilla but certainly not impossible. You could add your own public key to your customers accounts (perhaps temporarily) and you can then SFTP without resetting or knowing the account password.


Password hashing is an absolutely essential part of storing passwords. It's the last (and sometimes only) line of defense protecting your passwords from being viewed by an attacker that has managed to get data from a breach.

photo
1

Hi Dennis & Andrew, thanks for your response to this feature.

I fully understand the implications. Not sure if anyone knows a very popular web reseller company in the UK called Heart Internet. They have their own customized cPanel that looks a lot like your cPanel. They store all passwords and it is extremely manageable. I have been with them for over 10 years, until now. None of their customers and mine have had any such security problems. I think this is a very important feature to have. If you could find an alternative way to store some passwords securely in cPanel, then please let me know. I was thinking of the cPanel devs to create an API for reseller companies who resell web packages to us to resell to our clients to include in their system (their website) to store passwords within their servers and not through WHM & cPanel. This means it is away from these two systems, hence avoiding that security risk you mentioned above. The only way I can think of, for me storing passwords is to create an independent website with a customer database to store all my clients passwords. I am in the middle of creating a database now as I truly need to have this ability. I know from experience as a web reseller and software developer who has been in the industry since the mid 1990's how important it is to access these passwords. I am new to cPanel and I believe there is still a lot to do, not to say that there are no features there already, extremely far from it, you have a lot of excellent features that dragged me in to choosing the cPanel route and leave Heart Internet who in my opinion have sussed out their cPanel features, but you pay a lot for it. At the moment, there are only 2 issues I have, one is the password storage and the other is your DNS zone editing, which in my opinion needs quite a bit of tweaking still as it is far too raw. Maybe I'm wrong as I'm still trying to understand it all.

photo
2

Tony,


It is fairly alarming that any reputable organization (hosting company or not) would store passwords in plain text or two-way hash. Any organization storing passwords in plain text would immediately have me question their security practices and feel that my personal information is at risk.


As was covered by Dennis, this readily violates the guidelines of essentially any meaningful security certification or e-commerce policy Payment processors would likely penalize any organizations hosted on such services and mandate that the situation be corrected. Many organizations have been raked over the coals for storing passwords in clear text or intentionally reversible methods, prompting them to abandon the insecure method. Sometimes, it's done too late in the wake of a compromise/leak.



The list goes on and on.


This is essentially not a matter of personal opinion, but well defined industry security guidelines that would be clearly in breach at a bare minimum. This is not a feature that should be present in any product of any sort, much less a hosting automation control panel. cPanel customers rely on cPanel & WHM being reasonably secure, and that the cPanel development team is not intentionally reducing the security of the product. Even as an optional feature, this would be an incredible disservice to the industry at best. It would cause uneducated clients who took advantage of such a feature to open themselves up to penalizations from their card processing vendors along with potential litigation against them from their own customers for negligent security practices at worse.


I understand that your goal is to increase convenience and reduce frustration of your clientele, but utterly smashing security of a product to avoid slight inconvenience of having to reset a password and re-enter it on a half dozen devices or more is not something that should be entertained.


I would suggest encouraging any clientele who run into these issues to invest in one of the many password management programs available on the internet. Many have accompanying IOS/Android applications and allow for easy access and maintenance of many passwords. This way you address the problem at the source (forgetting a password) as opposed to attempting to bandaid fix the issue (clear text/reversible passwords) at the massive detriment of security. Arguably you're still at risk of the security quality of the password management application/service, it is magnitudes more secure than storing plain text passwords.


There is essentially no secure alternative to utilizing one-way hashes, as are currently utilized for passwords. The very nature of storing a password in a fashion that can be intentionally reversed back into the plain text password is an unreasonable security risk.


I strongly encourage you to seek addressing the origin issue of customers forgetting their passwords, such as the aforementioned password manager problems. That is the correct and secure way to address this concern.

photo
1

Thanks everyone for your fantastic feedback. I found that this request is actually essentially a duplicate of another, so I'm going to merge the two together and marked this one as Not Planned. If there are any further questions or concerns, please do let me know!

Replies have been locked on this page!