

Disabling Password Reset Option cPanel/WHM

cPanel recently announced a new vulnerability in the password reset option on its servers.
We'll show you how to turn off the password reset option for failed logins to cPanel through Web Host Manager (WHM).

Description
The feature "Allow cPanel users to reset their password via email",
found in the "Tweak Settings" section of Web Host Manager, allows a
cPanel user to run some commands as the root user.

It's strongly suggested that all cPanel users disable this feature.

Affected Systems
All builds of cPanel on all platforms up to and including 9.1.0 build 34
are vulnerable; all builds after that have been fixed.

Step 1) Fixing The Problem - Disable It

1. Log in to your WHM control panel as root.

2. Click on Tweak Settings in the upper left-hand corner.

3. Scroll down until you see "Allow cPanel users to reset their password via email".

4. Uncheck the check box and click Save.



Step 2) Fixing The Problem - Update cPanel
You can also update your cPanel server to the latest release, which now fixes this issue.

1. Log in to your WHM control panel as root.

2. Click on Upgrade to Latest Version in the bottom right-hand corner.

Your server is now protected from this exploit!
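
To confirm the result across several servers, here is an added example (not from the original article or from cPanel) that classifies a server from its version string, written in this page's "X.Y.Z build N" notation, and a copy of its settings file. The `resetpass` key name and the key=value file layout are assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added audit helper (not cPanel tooling). Function names are hypothetical.
LAST_AFFECTED="9.1.0 build 34"   # last vulnerable build, per the text above

# "9.1.0 build 34" -> "9 1 0 34"; prints nothing if the string does not parse.
parse_version() {
    printf '%s\n' "$1" | sed -n \
      's/^ *\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\) *build *\([0-9][0-9]*\) *$/\1 \2 \3 \4/p'
}

# Exit status: 0 = affected (<= LAST_AFFECTED), 1 = fixed, 2 = unparseable.
is_affected() {
    v=$(parse_version "$1")
    [ -n "$v" ] || return 2
    printf '%s %s\n' "$v" "$(parse_version "$LAST_AFFECTED")" | awk '{
        for (i = 1; i <= 4; i++) {
            if ($i + 0 < $(i + 4) + 0) exit 0   # older field: affected
            if ($i + 0 > $(i + 4) + 0) exit 1   # newer field: fixed
        }
        exit 0   # identical: "up to and including" means affected
    }'
}

# ASSUMPTION: the Tweak Settings checkbox is stored as "resetpass=0|1" in a
# key=value file. A missing key is treated as enabled, the cautious reading.
reset_enabled() {
    val=$(sed -n 's/^resetpass=//p' "$1" | tail -n 1)
    [ "$val" != "0" ]
}

# $1 = version string, $2 = path to a copy of the settings file.
assess() {
    is_affected "$1" && rc=0 || rc=$?
    case $rc in
        1) echo "OK: build is later than $LAST_AFFECTED" ;;
        2) echo "UNKNOWN: cannot parse version '$1'" ;;
        0) if reset_enabled "$2"; then
               echo "VULNERABLE: affected build, password reset enabled"
           else
               echo "MITIGATED: affected build, password reset disabled"
           fi ;;
    esac
}

# Constructed sample input, not taken from a real server.
cfg=$(mktemp)
printf 'resetpass=1\n' > "$cfg"
assess "9.1.0 build 34" "$cfg"
rm -f "$cfg"
```

A server reported as MITIGATED still runs an affected build, so the upgrade in Step 2 remains the lasting fix.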

