DennisHermannsen Posted April 8, 2014 Share Posted April 8, 2014 (edited) Hi WHMCS, Some of you (if not all of you) have probably heard of the OpenSSL Heartbeat bug which allows an attacker to read some of the memory. We were using one of the affected versions and are just done patching all servers. We want to force all clients to change their passwords, but how can this be done? Sending an email won't be enough, because some people never think they are affected, thus not changing the password. Edited April 8, 2014 by DennisMidjord 0 Quote Link to comment Share on other sites More sharing options...
random Posted April 9, 2014 Share Posted April 9, 2014 Hi, It would be useful if WHMCS had a module that could change all the cpanel passwords on the server, update WHMCS with the new password and send an email to the client advising them of what has been done. It would also be useful if WHMCS had a module to force clients to change their passwords when they try to login to their accounts in the WHMCS software. In view of some of the latest vulnerabilities that have been discovered, something like this would be most welcome. 0 Quote Link to comment Share on other sites More sharing options...
Infopro Posted April 9, 2014 Share Posted April 9, 2014 More Info on this for those unaware of the situation via cPanel Forums: OpenSSL Heartbleed Bug (< 1.0.1g) - Encryption keys at risk - cPanel Forums Details on how to force a password change via WHM: Force Password Change - cPanel Documentation 0 Quote Link to comment Share on other sites More sharing options...
merlinpa1969 Posted April 9, 2014 Share Posted April 9, 2014 Beat me to it Info 0 Quote Link to comment Share on other sites More sharing options...
WHMCS Support Manager WHMCS John Posted April 11, 2014 WHMCS Support Manager Share Posted April 11, 2014 Hi, More information on this can also be found in our recent blog post: http://blog.whmcs.com/?t=88022 0 Quote Link to comment Share on other sites More sharing options...
DennisHermannsen Posted April 12, 2014 Author Share Posted April 12, 2014 We've already sent out emails, but unfortunately I think that I care more about my customers security than they do Forcing them to change the password would be great. Or just a module that would automate the process of resetting the emails and mailing it to the client. 0 Quote Link to comment Share on other sites More sharing options...
merlinpa1969 Posted April 12, 2014 Share Posted April 12, 2014 Its a down and dirty You can always run the following in phpmyadmin ( Backup FIRST ) UPDATE `DATABASE NAME`.`tblclients` SET `password` = 'ghtyehdity3hr7'; this will force a password change then you can send an email that says WE forced your passeord to change, you need to login to your account and change it to something secure 0 Quote Link to comment Share on other sites More sharing options...
DennisHermannsen Posted April 13, 2014 Author Share Posted April 13, 2014 Yeah, but that will set all passwords to the same. That's not secure. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.