Jump to content

Can I stop WHMCS showing passwords in HTML Source?


Recommended Posts



This weekend my smartermail account was hacked by what seems to be some new exploit, it seems it was a targetted attack as the hacker gained access to my webmail then went to the WHMCS Admin area and requested a password reset.


The hacker then logged in WHMCS admin and looked at some of my customers product information pages, luckily enough I was online at the time and was alerted of the password change so blocked access very quickly however it's a little concerning that WHMCS shows hashed passwords in the admin area for users products etc but when you view the HTML Source you can see the users full password.


Is there a way to stop WHMCS outputting passwords to the webpages?


Thanks Aaron

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated