Some users reported to us that they can log into cPanel accounts with their reseller accounts’ passwords. This is not a cPanel bug or security issue. It is this way by design and it’s enabled by default. In fact, you can also log into a cPanel account with the root password.
To prevent resellers and root to log into individual cPanel accounts:
1. Connect to your WHM installation
2. Go to Server Configuration >> Tweak Settings >> System tab
3. Here, look for the option Accounts that can access a cPanel user account and modify it according to your needs. Click the Save bottom at the bottom of the page to apply the new option.
This setting specifies who can access a user’s cPanel account. Account-Owner refers to the particular reseller that owns the user account.
Note: Disabling root access here will also disable root’s access to the Branding Editor in WHM.
Resources:
cPanel Tweak Settings