Two-Factor Authentication Bypass Vulnerability Reported in WHM/cPanel, Affecting WHM Resellers
cPanel, a provider of software for managing web hosting and websites, has recently patched a security vulnerability that allowed attackers holding valid credentials for a cPanel account on a server to bypass the two-factor authentication (2FA) protection on that account.
The issue is tracked as “SEC-575” and was discovered by researchers from Digital Defense.
The issue stemmed from a lack of rate limiting on 2FA code submissions during cPanel account logins, which allowed an attacker to submit 2FA codes repeatedly in a brute-force attempt that eventually defeats the authentication check.
Researchers said in November 2020 that an attack of this kind could be completed within minutes.
“The two-factor authentication cPanel Security Policy did not prevent an attacker from repeatedly submitting two-factor authentication codes,” cPanel said in its advisory. “This allowed an attacker to bypass the two-factor authentication check using brute-force techniques.”
cPanel has now addressed the flaw by adding a rate-limit check to its cPHulk brute-force protection service, so that a failed validation of a 2FA code is treated as a failed login attempt.
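To make the fix concrete, here is an added Python illustration of the two policies side by side; it is not cPanel's code and does not reflect how cPHulk is implemented. It verifies RFC 6238 TOTP codes and, in the hypothetical `SecondFactorGate` class, counts every rejected code as a failed login for the account, locking the account after a configurable number of failures. The `guesses_accepted` helper is a policy self-check that reports how many code submissions one account can make before the gate locks (or a submission matches); with the limit disabled (`max_failures=0`, standing in for the pre-fix behaviour) the whole six-digit space is reachable, which is why the attack described above fits inside minutes. The shared secret is the RFC 6238 test-vector secret, and all account names are constructed.

```python
import hashlib
import hmac
import struct
from typing import Dict


def totp(secret: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `timestamp`."""
    counter = struct.pack(">Q", timestamp // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    truncated = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


class SecondFactorGate:
    """Hypothetical 2FA gate (not cPanel's code): every rejected code counts as a
    failed login for the account, and max_failures rejected codes lock the
    account for lockout_seconds.  max_failures=0 disables the limit entirely."""

    def __init__(self, max_failures: int = 5, lockout_seconds: int = 900) -> None:
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures: Dict[str, int] = {}       # account -> consecutive failures
        self._locked_until: Dict[str, int] = {}   # account -> epoch seconds

    def verify(self, account: str, secret: bytes, code: str, now: int) -> str:
        """Return 'ok', 'denied' or 'locked' for one code submission."""
        if self._locked_until.get(account, 0) > now:
            return "locked"                       # refuse even a correct code while locked
        expected = totp(secret, now)
        if hmac.compare_digest(expected, code):   # constant-time comparison
            self._failures.pop(account, None)     # success resets the counter
            return "ok"
        failures = self._failures.get(account, 0) + 1
        self._failures[account] = failures
        if self.max_failures and failures >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
            self._failures.pop(account, None)
            return "locked"
        return "denied"


def guesses_accepted(gate: SecondFactorGate, account: str, secret: bytes, now: int) -> int:
    """Policy self-check: count how many sequential six-digit submissions the gate
    processes for one account before it locks or a submission matches."""
    submitted = 0
    for candidate in range(10 ** 6):
        submitted += 1
        result = gate.verify(account, secret, str(candidate).zfill(6), now)
        if result in ("ok", "locked"):
            break
    return submitted


if __name__ == "__main__":
    SECRET = b"12345678901234567890"             # RFC 6238 test-vector secret
    NOW = 59                                     # RFC 6238 test time: code 287082
    print("code for T=59:", totp(SECRET, NOW))
    limited = SecondFactorGate(max_failures=5, lockout_seconds=900)
    print("submissions accepted with lockout:", guesses_accepted(limited, "alice", SECRET, NOW))
    unlimited = SecondFactorGate(max_failures=0)
    print("submissions accepted without lockout:", guesses_accepted(unlimited, "bob", SECRET, NOW))
```

Two design points worth noting: the lockout key is the account rather than the source address, because the attacker already holds valid credentials and can rotate addresses, and a locked account rejects even the correct code until the window expires, so the legitimate owner sees the lockout and the event is visible in authentication logs. In production the lockout duration and failure threshold belong in the same policy that governs password failures, which is exactly the "treat a failed 2FA code as a failed login" change described above.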
This is not the first time the absence of rate limiting has posed a serious security concern. Issues like this should not happen, but the issue was dealt with quickly, which is what we would expect. At 247Rack we have no reports of any bypasses, so do not worry; we are confident cPanel is still secure and always will be.
In July 2020, the video conferencing company Zoom fixed a security loophole that could have allowed attackers to brute-force the numeric passcode used to secure private Zoom meetings, enabling them to spy on all active participants of a targeted meeting.
We recommend that all 247Rack cPanel customers log in to the admin panel and apply the patches to mitigate the risk associated with this security flaw. For video conferencing, we would also highly recommend the open-source software Jitsi, a self-hosted instance of which can be easily set up on any 247Rack server.