Digital Defense, Inc., a leader in vulnerability and threat management solutions, today announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel &WHM version 11.90.0.5 (90.0 Build 5) exhibits a two-factor authentication bypass flaw, vulnerable to brute force attack, resulting in a scenario where an attacker with knowledge of or access to valid credentials could bypass two-factor authentication protections on an account. Digital Defense’s internal testing demonstrated that an attack can be accomplished in minutes.
cPanel & WHM is a suite of tools built for Linux OS that allows hosting providers and users the ability to automate server management and web hosting tasks while simplifying the process of website hosting for the end user. Serving the global hosting community for over 20 years, cPanel touts having over 70 million domains launched on servers using cPanel & WHM to date.
What You Can Do
cPanel’s recent advisory provides more details about the updates that have been released, which should be applied: https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/. For additional information, customers should contact cPanel directly.
Digital Defense Research Methodology and Practices
The Digital Defense VRT regularly works with organizations promoting the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT, when coupled with the company’s next generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and assists, where possible, with the vendor’s remediation actions.
To view Digital Defense’s zero-day advisories to date, please visit: https://www.digitaldefense.com/vulnerability-research-team/vulnerability-research/.
Like this:
Like Loading...
Related
This entry was posted on November 24, 2020 at 9:18 am and is filed under Commentary with tags Digital Defense. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Digital Defense, Inc. Discloses cPanel & WHM Vulnerability
Digital Defense, Inc., a leader in vulnerability and threat management solutions, today announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel &WHM version 11.90.0.5 (90.0 Build 5) exhibits a two-factor authentication bypass flaw, vulnerable to brute force attack, resulting in a scenario where an attacker with knowledge of or access to valid credentials could bypass two-factor authentication protections on an account. Digital Defense’s internal testing demonstrated that an attack can be accomplished in minutes.
cPanel & WHM is a suite of tools built for Linux OS that allows hosting providers and users the ability to automate server management and web hosting tasks while simplifying the process of website hosting for the end user. Serving the global hosting community for over 20 years, cPanel touts having over 70 million domains launched on servers using cPanel & WHM to date.
What You Can Do
cPanel’s recent advisory provides more details about the updates that have been released, which should be applied: https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/. For additional information, customers should contact cPanel directly.
Digital Defense Research Methodology and Practices
The Digital Defense VRT regularly works with organizations promoting the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT, when coupled with the company’s next generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and assists, where possible, with the vendor’s remediation actions.
To view Digital Defense’s zero-day advisories to date, please visit: https://www.digitaldefense.com/vulnerability-research-team/vulnerability-research/.
Share this:
Like this:
Related
This entry was posted on November 24, 2020 at 9:18 am and is filed under Commentary with tags Digital Defense. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.