Security News > 2020 > November > 2FA Bypass Vulnerability Patched in cPanel & WebHost Manager
cPanel last week released patches to address three vulnerabilities in cPanel & WebHost Manager, including one leading to two-factor authentication bypass.
With over 20 years of web hosting experience, cPanel claims servers using cPanel & WHM have launched more than 70 million domains.
Identified by security researchers at Digital Defense, Inc., the 2FA bypass issue could allow attackers to perform brute-force attacks on cPanel & WHM. An attacker with knowledge of or access to valid credentials, the researchers say, could bypass the 2FA protections on an account within minutes.
cPanel & WHM builds 11.92.0.2, 11.90.0.17, and 11.86.0.32 were found vulnerable.
"The cPanel Security Team and independent security researchers identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public," cPanel said last week.