Thursday, January 21, 10:44

Security researchers have discovered a bug in cPanel software

Security researchers have discovered a major security flaw in cPanel, a popular software suite used by web hosting companies to manage their clients' websites.

The bug, discovered by Digital Defense security researchers, allows intruders to bypass two-factor authentication (2FA) on cPanel accounts.

These accounts are used by website owners to access and manage their websites and the underlying server settings. Access to these accounts is crucial, as once they are breached they give threat actors full control over a victim's site.

On its website, cPanel boasts that its software is currently used by hundreds of web hosting companies to manage more than 70 million domains worldwide.

But in a press release today, Digital Defense says 2FA in older cPanel & WebHost Manager (WHM) software was vulnerable to brute-force attacks that allowed threat actors to guess the URL parameters and bypass 2FA, if 2FA was enabled on an account.

While brute-force attacks generally take hours or days to execute, in this specific case the attack was carried out in just a few minutes, Digital Defense said today.

Also, exploiting this bug requires intruders to have valid credentials for a targeted account.

While this may make some website owners think that the bug is not significant, the opposite is true: 2FA solutions were invented to protect against phishing attacks and, as a result, any 2FA bypass such as this bug should be treated with the utmost care.

The good news is that Digital Defense privately reported the bug, which was named SEC-575, and the cPanel team released patches last week.

Website owners who use 2FA when connecting to cPanel can see whether their web hosting provider has updated the cPanel installation by checking the platform's version number.

According to the cPanel security advisory, the 2FA bypass issue has been fixed in cPanel & WHM software 11.92.0.2, 11.90.0.17 and 11.86.0.32.
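As an added example (not from the article, Digital Defense or cPanel), the version check described above can be scripted: the Python below compares a version string against the fixed builds listed in the advisory, one release branch at a time. The function names, the "not-listed" result for branches the article does not mention, and acceptance of a short version form without the leading 11 are assumptions.

```python
# Fixed builds quoted in the article from the cPanel advisory for SEC-575.
FIXED_BUILDS = ("11.92.0.2", "11.90.0.17", "11.86.0.32")


def parse_version(text):
    """Return a 4-tuple of ints from '11.92.0.2' (or the short '92.0.2')."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = tuple(int(p) for p in parts)
    if len(nums) == 3:          # assumption: short form omits the leading 11
        nums = (11,) + nums
    if len(nums) != 4 or nums[0] != 11:
        raise ValueError(f"unexpected version layout: {text!r}")
    return nums


# Map release branch (second component) -> first fixed build on that branch.
FIXED_BY_BRANCH = {parse_version(v)[1]: parse_version(v) for v in FIXED_BUILDS}


def sec575_status(installed):
    """Classify an installed version as 'patched', 'vulnerable' or 'not-listed'."""
    version = parse_version(installed)
    fixed = FIXED_BY_BRANCH.get(version[1])
    if fixed is None:
        # The article names no fixed build for this branch, so do not guess.
        return "not-listed"
    # Compare within the same branch only: 11.90.0.20 is patched even though
    # it sorts below 11.92.0.2.
    return "patched" if version >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real server.
    for sample in ("11.92.0.2", "11.92.0.1", "11.90.0.20", "11.86.0.31", "11.88.0.5"):
        print(f"{sample:12} {sec575_status(sample)}")
```

A "not-listed" result means the branch has to be checked against the cPanel security advisory itself.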

Users should not disable 2FA for their cPanel accounts because of this bug, but should instead ask their web hosting providers to update their cPanel installation to the latest version.


Teo Ehc