Security News > 2020 > November > 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication protection on an account.
cPanel and WHM offers a Linux-based control panel for users to handle website and server management, including tasks such as adding sub-domains and performing system and control panel maintenance.
To date, over 70 million domains have been launched on servers using cPanel's software suite.
"The two-factor authentication cPanel Security Policy did not prevent an attacker from repeatedly submitting two-factor authentication codes," cPanel said in its advisory.
"This allowed an attacker to bypass the two-factor authentication check using brute-force techniques."