This allowed an attacker to bypass the two-factor authentication check using brute force techniques,” the team explained. “The two-factor authentication cPanel Security Policy did not prevent an attacker from repeatedly submitting two-factor authentication codes. SEC-575, as it has been labeled by the cPanel Security Team, makes the two factor authentication feature available to users vulnerable to brute force attack. The former use the WHM interface to automate server management and web hosting tasks, and the latter use the cPanel interface to manage their sites, intranets, and online properties. About the cPanel 2FA bypass vulnerabilityĬPanel & WebHost Manager (WHM) is a suite of tools used by many hosting providers and users. Still, admins of sites that are managed through cPanel should check whether their provider did perform the update (and demand they do it if they haven’t). The vulnerability has been patched last week and, by now, web hosting providers have hopefully upgraded their installations. A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |