Security News > 2020 > November > 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication protection on an account.
cPanel and WHM offer a Linux-based control panel for users to handle website and server management, including tasks such as adding sub-domains and performing system and control panel maintenance.
To date, over 70 million domains have been launched on servers using cPanel's software suite.
"The two-factor authentication cPanel Security Policy did not prevent an attacker from repeatedly submitting two-factor authentication codes," cPanel said in its advisory.
"This allowed an attacker to bypass the two-factor authentication check using brute-force techniques."