cPanel 2-Factor Auth Bypass

November 30, 2020

Table of Contents

cpanel.net/wp-content/themes/cPbase/assets/img/...

2-Factor Authentication Bypass hole in WHM cPanel security has been Reported effected WHM resellers.

cPanel, a software provider to manage web hosting/websites, has recently patched a security vulnerability that allowed hackers with access to valid credentials to a cPanel account on the server, gaining cPanel bypassing the two-factor authentication (2FA) protection on an account.

The issue which is tracked as “SEC-575” and is discovered by researchers from Digital Defense.

The issue came from a lack of rate-limiting during 2FA during cPanel account logins, making an opportunity possible for a hacker/opportunist to repeatedly submit 2FA codes using the brute-force approach which eventually bypasses/hacks the authentication check.

Researchers have recently as of November 2020 said known attacks of this kind could be accomplished within minutes.

“The two-factor authentication cPanel Security Policy did not prevent an attacker from repeatedly submitting two-factor authentication codes,” cPanel said in this advisory. “This allowed an attacker to bypass the two-factor authentication check using brute-force techniques.”

cPanel has now addressed the flaw by adding a rate limit check to its cPHulk brute-force protection service, causing a failed validation of the 2FA code/codes to be treated as a failed login.

This is not the first time the absence of rate-limiting has posed a serious security concern, issues like this should not have happened but the issue was dealt with quickly which is what we would expect. At 247Rack we have no reports of any bypasses so do not worry and we are confident cPanel is still secure and always will be.

During July of 2020, the video conferencing company called Zoom fixed a security loophole that could of allowed any hackers/attackers to break/bypass the numeral passcode used to secure Zoom private meetings on the platform also enabling spying on all active participants of a target bypassed.

It’s recommended that all 247Rack cPanel customers using Cpanel to carry out commands or login to the admin panel and update apply the patches to mitigate the risk associated with the security flaw. We would highly recommend opensource software Jitsi, a self-hosted instance that can be easily setup with any 247Rack server.

Share on
Facebook
Twitter
LinkedIn
Pinterest
More posts

Dedicated Servers Quick Guide

What is a Dedicated Servers? Why bother using a dedicated server over a VPS or Shared Hosting?A dedicated server is a server 100% dedicated to your website/project or business needs.

Windows Programmes with Linux

How do I run a Windows program on Linux? You probably ran into issues with running a windows application in Linux and now you have ended up here, what you

Enhanced Storage Features on 5.1

Enhanced Storage Features on 5.1 SESMATEnhanced Storage features introduced by 5.1 VMFS File Sharing Limits In previous versions of vSphere, the maximum number of hosts which could share a read-only

Get 90% Discount

First 3 People gets the Bonus!
Don't Miss Out Our Big Sale

Get 0-90% On All
247Rack Services

247Rack

The Sale Is Until The End Of March