Page 1 of 1

Administrator account info sent by email

Posted: Sun Aug 21, 2016 8:45 am
by greenvet2
Today I received an email from our cmap server (5.03) that included our administrator username and password. (I've removed username and password for obvious reasons, but include the text here for info purposes.)
Administrator's account information for VTL Shared Cmaps

Username: XXXXXXXXX
Password: XXXXXXXX


--------------------------------------------------------------------------------
Server Name: VTL Shared Cmaps
Version: 5.03.03
IP Address: 128.173.242.106
Host Name: vmil1.vetmed.vt.edu
Port Number: 4447
Web Server Port Number: 8080
Server ID: 1195150186823_1237469840_0


--------------------------------------------------------------------------------
This is a generated email so please do not reply.
There are only 3 people actively using our server and none of us had been using the maps or the server itself for at least several weeks before this email was received.

I can't figure out where this email could have been triggered from. There are no suspicious entries in our server logs. Nothing looks out of place. Suggestions?

We've shutdown our server for now as a precaution.

Thanks,

~julie

Re: Administrator account info sent by email

Posted: Sun Aug 21, 2016 9:07 am
by cmapadmin
Somebody was looking at a Cmap, went into the permissions dialogue box for one of the resources. One of the options is to send the userid+password of the owner to the owner. So only you can get the email, nobody else. Whomever tried to do it didn't get anywhere and did not receive any information. This is just a 'forgot my password' type of message.