A security vulnerability in the web hosting control panel cPanel allows attackers to bypass two-factor authentication (2FA) by brute force on servers running vulnerable versions of cPanel & WebHost Manager (WHM).
cPanel is management software installed on web hosting servers that lets site administrators and owners automate the management of the server and its websites through a graphical interface.
The vulnerability has been assigned CVE-2020-27641 and was discovered by Digital Defense researchers Michael Clark and Wes Wright.
Attackers could use CVE-2020-27641 to bypass 2FA on cPanel accounts on millions of sites because cPanel's security policy did not stop them from submitting two-factor authentication codes repeatedly: an attacker who already holds a valid username and password can simply keep guessing the one-time code until one is accepted, with no delay or lockout in between.
"When MFA is enabled, a user can make as many attempts as they want to find the MFA key, without delays and without a ban to prevent a brute-force attack," the researchers report.
"This leads to a scenario where an intruder with valid credentials could bypass MFA protections on an account in a matter of hours. Our tests have shown that with the best coordination of the attack, it can be achieved in a matter of minutes."
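To make the failure mode concrete, here is an added example (not code from the page, from cPanel or from Digital Defense) that models a TOTP second-factor check in two configurations: one that verifies every submission without limit, which is the behaviour the researchers describe, and one that locks the account after a handful of consecutive failures. The secret, the fixed clock value, the six-digit RFC 6238 code format, the five-failure threshold and the fifteen-minute lockout are all assumptions chosen for the demonstration; they are not cPanel's actual parameters or patch logic. A brute-force loop then shows that the unthrottled verifier hands over the account after at most one million guesses, while the throttled one refuses after the sixth submission.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Constructed demo values: a real TOTP seed is per-user and never hard-coded,
# and the clock is pinned so the example is deterministic.
DEMO_SECRET = b"cpanel-demo-seed-0123456789"
FIXED_NOW = 1_600_000_000
STEP_SECONDS = 30
DIGITS = 6


def totp(secret: bytes, now: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1) over the 30-second counter."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


class TotpVerifier:
    """Server-side second-factor check.

    max_failures=None reproduces the unthrottled behaviour the article
    describes: every submission is checked, forever.  A number enforces a
    lockout after that many consecutive failures (an assumed mitigation for
    illustration, not cPanel's actual fix).
    """

    def __init__(self, secret: bytes, max_failures: Optional[int] = None,
                 lockout_seconds: int = 900) -> None:
        self.secret = secret
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = 0
        self.locked_until = 0
        self._cache = (None, "")  # (time step, expected code) to avoid recomputing per guess

    def _expected(self, now: int) -> str:
        step = now // STEP_SECONDS
        if self._cache[0] != step:
            self._cache = (step, totp(self.secret, now))
        return self._cache[1]

    def verify(self, code: str, now: int) -> str:
        """Return 'ok', 'bad' or 'locked' for one submitted code."""
        if self.max_failures is not None and now < self.locked_until:
            return "locked"  # refused before the code is even compared
        if hmac.compare_digest(code, self._expected(now)):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.max_failures is not None and self.failures >= self.max_failures:
            self.failures = 0
            self.locked_until = now + self.lockout_seconds
        return "bad"


def brute_force(verifier: TotpVerifier, now: int) -> Tuple[Optional[str], int]:
    """Attacker loop: submit 000000..999999 against a single 30-second step.

    Returns (the code that was accepted or None, number of submissions made).
    """
    attempts = 0
    for candidate in range(10 ** DIGITS):
        attempts += 1
        outcome = verifier.verify(f"{candidate:0{DIGITS}d}", now)
        if outcome == "ok":
            return f"{candidate:0{DIGITS}d}", attempts
        if outcome == "locked":
            return None, attempts
    return None, attempts


if __name__ == "__main__":
    code, n = brute_force(TotpVerifier(DEMO_SECRET), FIXED_NOW)
    print(f"unthrottled verifier: accepted {code} after {n} submissions")
    code, n = brute_force(TotpVerifier(DEMO_SECRET, max_failures=5), FIXED_NOW)
    print(f"throttled verifier:   accepted {code}, stopped after {n} submissions")
```

The loop above holds the clock still, so the guess that succeeds is simply the code for that step; on a live server the code rotates every 30 seconds, so each submission is an independent one-in-a-million chance and the expected cost stays around a million requests, which is why the researchers' figure of hours (or minutes with parallel requests) is plausible when nothing slows the attacker down. A server that also accepts the neighbouring time steps to tolerate clock drift multiplies the attacker's odds accordingly, so any throttle should be counted per account rather than per time step.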
cPanel has already issued security updates: the fix is included in cPanel & WHM versions 11.92.0.2, 11.90.0.17 and 11.86.0.32, and all new releases are available through the product's software update channel.
Anyone running cPanel is advised to update immediately, or to contact the company directly for further details if needed.