diff --git a/CHANGES b/CHANGES
index a1550dd2b..47766e294 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1836,3 +1836,6 @@
 * restore: carefully replace backup config
 * spam: per mailbox bayes db and training
+[5.0.4]
+* Fix potential previlige escalation because of ghost file
+
diff --git a/scripts/cloudron-support b/scripts/cloudron-support
index 5f4fec3f2..bfb31d4b8 100755
--- a/scripts/cloudron-support
+++ b/scripts/cloudron-support
@@ -36,8 +36,8 @@ while true; do
 --admin-login)
 admin_username=$(mysql -NB -uroot -ppassword -e "SELECT username FROM box.users WHERE role='owner' LIMIT 1" 2>/dev/null)
 admin_password=$(pwgen -1s 12)
- printf '{"%s":"%s"}\n' "${admin_username}" "${admin_password}" > /tmp/cloudron_ghost.json
- echo "Login as ${admin_username} / ${admin_password} . Remove /tmp/cloudron_ghost.json when done."
+ printf '{"%s":"%s"}\n' "${admin_username}" "${admin_password}" > /home/yellowtent/platformdata/cloudron_ghost.json
+ echo "Login as ${admin_username} / ${admin_password} . Remove /home/yellowtent/platformdata/cloudron_ghost.json when done."
 exit 0
 ;;
 --) break;;
diff --git a/src/constants.js b/src/constants.js
index d745670cf..25db330bf 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -32,7 +32,7 @@ exports = module.exports = {
 NGINX_DEFAULT_CONFIG_FILE_NAME: 'default.conf',
- GHOST_USER_FILE: '/tmp/cloudron_ghost.json',
+ GHOST_USER_FILE: '/home/yellowtent/platformdata/cloudron_ghost.json',
 DEFAULT_TOKEN_EXPIRATION: 7 * 24 * 60 * 60 * 1000, // 1 week
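Review bot: The new `printf ... > /home/yellowtent/platformdata/cloudron_ghost.json` line still creates a file holding a plaintext admin password with whatever the caller's umask allows, so moving it out of /tmp only fixes the predictable-path problem, not the file mode; restrict the mode at creation, e.g. `( umask 077; printf '{"%s":"%s"}\n' "${admin_username}" "${admin_password}" > /home/yellowtent/platformdata/cloudron_ghost.json )`, or `chmod 600` it immediately afterwards. The same literal path is now hard-coded both here and as `GHOST_USER_FILE` in the src/constants.js hunk of this commit, so a future move of either one silently breaks the other; a comment on this line such as `# must match GHOST_USER_FILE in src/constants.js` would at least make the coupling visible. The enclosing `while true; do` option loop starts before this hunk.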