cPanel & WHM: update immediately

A flaw in the cPanel web hosting control panel allows attackers to bypass two-factor authentication (2FA) by brute force on servers running vulnerable versions of cPanel & WebHost Manager (WHM).

cPanel is management software installed on web hosting servers; it gives site owners and administrators a graphical interface for automating the management of the server and the websites hosted on it.

The vulnerability has been recorded as CVE-2020-27641 and was discovered by researchers Michael Clark and Wes Wright of Digital Defense.

Attackers could exploit CVE-2020-27641 to bypass 2FA on cPanel accounts because the cPanel Security Policy did not throttle or lock out repeated submissions of two-factor codes. An attacker who already holds a valid username and password can therefore keep submitting guesses until one matches.

“When MFA is enabled, a user can make as many attempts as they like to guess the MFA code, without delays and without any lockout to prevent a brute-force attack,” the researchers report.

“This leads to a scenario where an attacker with knowledge of valid credentials could bypass MFA protections on an account within a few hours. Our tests have shown that with optimal coordination of the attack it can be achieved in minutes.”
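The flaw is easiest to see in code. What follows is an added illustration written for this article; it is not cPanel's code and not Digital Defense's proof of concept. It implements a minimal RFC 6238 TOTP check twice, once with no limit on submissions (the behaviour the researchers describe) and once with a per-account failure counter and temporary lockout, and runs the same brute-force loop against both. The secret, the clock value and the lockout parameters are made-up values chosen for the demo.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30-second steps) for a given clock value."""
    counter = unix_time // step
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    truncated = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


class LockedOut(Exception):
    """Raised when an account is temporarily refusing 2FA attempts."""


class UnlimitedVerifier:
    """Mirrors the reported flaw: every submission is checked, no delay, no lockout."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def verify(self, code: str, now: int) -> bool:
        return hmac.compare_digest(code, totp(self.secret, now))


class LockoutVerifier:
    """Hardened variant: counts failed submissions per account and refuses
    further attempts for lockout_seconds after max_failures consecutive failures."""

    def __init__(self, secret: bytes, max_failures: int = 5, lockout_seconds: int = 900):
        self.secret = secret
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = 0
        self.locked_until = 0

    def verify(self, code: str, now: int) -> bool:
        if now < self.locked_until:
            raise LockedOut(f"locked until {self.locked_until}")
        if hmac.compare_digest(code, totp(self.secret, now)):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.failures = 0
            self.locked_until = now + self.lockout_seconds
        return False


def brute_force(verifier, now: int, digits: int = 6):
    """Attacker who already has the password, trying every code in order.
    The clock is held fixed only to make the run deterministic; a real attack
    spreads the attempts over time and every guess still has a 1-in-10^digits
    chance of matching the current code. Returns (succeeded, submissions_made)."""
    for n in range(10 ** digits):
        code = str(n).zfill(digits)
        try:
            if verifier.verify(code, now):
                return True, n + 1
        except LockedOut:
            return False, n + 1
    return False, 10 ** digits


if __name__ == "__main__":
    # Constructed values for the demo; a real TOTP secret is per-account and random.
    SECRET = b"12345678901234567890"
    NOW = 1_700_000_000
    print("no limit :", brute_force(UnlimitedVerifier(SECRET), NOW))
    print("lockout  :", brute_force(LockoutVerifier(SECRET), NOW))
```

Against UnlimitedVerifier the loop always succeeds, on average after about half a million submissions, which is exactly the "hours, or minutes if parallelised" scenario in the quote. Against LockoutVerifier it is stopped after five wrong codes. A lockout on its own hands an attacker a way to lock legitimate users out of their own accounts, so in production pair it with a progressive delay and an alert on repeated 2FA failures rather than relying on the counter alone.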

cPanel has already issued security updates that address the vulnerability in cPanel & WHM versions 11.92.0.2, 11.90.0.17 and 11.86.0.32. The fixed releases are available through the built-in cPanel & WHM update mechanism.

Anyone running cPanel is advised to update immediately; any release older than the fixed version on its branch should be treated as vulnerable. Contact the company directly if you need more details.

iGuRu.gr


Written by giorgos

