Administrator account info sent by email

Having problems with IHMC CmapServer? Think you have found a bug? Let us know!
Forum rules
Before you post a problem or bug, please be sure you have included the version number of IHMC CmapServer, the operating system and version, the amount of RAM, and any other information that allows us to be able to replicate the problem you are having. (i.e. what were you doing when the problem occur? were you running another program (application) by the time you have the problem?)
Post Reply
greenvet2
Posts: 1
Joined: Fri May 31, 2013 1:48 pm

Administrator account info sent by email

Post by greenvet2 » Sun Aug 21, 2016 8:45 am

Today I received an email from our cmap server (5.03) that included our administrator username and password. (I've removed username and password for obvious reasons, but include the text here for info purposes.)
Administrator's account information for VTL Shared Cmaps

Username: XXXXXXXXX
Password: XXXXXXXX


--------------------------------------------------------------------------------
Server Name: VTL Shared Cmaps
Version: 5.03.03
IP Address: 128.173.242.106
Host Name: vmil1.vetmed.vt.edu
Port Number: 4447
Web Server Port Number: 8080
Server ID: 1195150186823_1237469840_0


--------------------------------------------------------------------------------
This is a generated email so please do not reply.
There are only 3 people actively using our server and none of us had been using the maps or the server itself for at least several weeks before this email was received.

I can't figure out where this email could have been triggered from. There are no suspicious entries in our server logs. Nothing looks out of place. Suggestions?

We've shutdown our server for now as a precaution.

Thanks,

~julie

cmapadmin
Site Admin
Posts: 568
Joined: Sat Dec 13, 2008 2:22 pm

Re: Administrator account info sent by email

Post by cmapadmin » Sun Aug 21, 2016 9:07 am

Somebody was looking at a Cmap, went into the permissions dialogue box for one of the resources. One of the options is to send the userid+password of the owner to the owner. So only you can get the email, nobody else. Whomever tried to do it didn't get anywhere and did not receive any information. This is just a 'forgot my password' type of message.

Post Reply