Enforce disabled CMD_LOGIN for commands.allow/deny (SECURITY)

Version 1.45


Related to the commands.allow and commmands.deny feature: http://directadmin.com/features.php?id=1171 If you've told these files not to allow CMD_LOGIN, the "Login As" feature in DA still worked because CMD_LOGIN is a public command, and doesn't fall under those same checks. Fix is to load in the commands.allow and commands.deny for all "Login As" requests. This will affect any existing scripts or clients that may be using the "Login As" feature, but have failed to allow CMD_LOGIN in the commands.allow, or have denied it in the commands.deny. If you are a using the commands.allow/deny files, and if you do not allow CMD_LOGIN, you cannot use the "Login As" feature. Thanks to inten.pl for the report.

Interested to try DirectAdmin? Get a 30-day Free Trial!