We are not providing our customers the access to the cPanel and they only have the WHMCS client area logins.
So, whoever having Client Area Access can change the cPanel Password and even login to cPanel directly via Single Sign On (added in WHMCS 6.2.x).
Now, we need to disable the WHMCS "Single Sign-On" and "Change Password" Options from WHMCS.
For Now, we're using the mode rewrite to disable the single sign-on request here is the working code (I know, its not the permanent solution).
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/clientarea\.php$
RewriteCond %{QUERY_STRING} ^.*?dosinglesignon=1.*?$
RewriteRule ^(.*)$ /[login to view URL] [R=301,L]
But, there is no way to disable the change password option.
any help is appreciated.