
cPanel 2FA bypass vulnerability can be exploited through brute force
2020-11-25 10:55

A two-factor authentication bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense researchers have found.

Still, admins of sites managed through cPanel should check whether their provider has applied the update.

SEC-575, as the cPanel Security Team has labeled it, leaves the two-factor authentication feature available to users vulnerable to brute-force attacks.

"The two-factor authentication cPanel Security Policy did not prevent an attacker from repeatedly submitting two-factor authentication codes. This allowed an attacker to bypass the two-factor authentication check using brute force techniques," the team explained.
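
The control the statement above describes as missing, shown as an added example (not cPanel's code and not taken from the advisory): failed two-factor submissions are counted per account and further attempts are refused for a period once a limit is reached. The class name, the thresholds and the `expected_code_for` callback are assumptions made for illustration.

```python
import hmac
import time

MAX_FAILURES = 5        # assumed policy value, not cPanel's
LOCKOUT_SECONDS = 300   # assumed policy value, not cPanel's


class TwoFactorGate:
    """Wraps a 2FA code check with per-account failure counting and lockout."""

    def __init__(self, expected_code_for, clock=time.monotonic):
        # expected_code_for: hypothetical callable, account -> currently valid code
        self._expected_code_for = expected_code_for
        self._clock = clock
        self._failures = {}      # account -> consecutive failed submissions
        self._locked_until = {}  # account -> clock value at which lockout ends

    def verify(self, account, submitted):
        now = self._clock()
        # While locked, refuse without evaluating the code, so a correct
        # guess made during the lockout does not get through.
        if now < self._locked_until.get(account, 0.0):
            return "locked"
        expected = self._expected_code_for(account)
        # Constant-time comparison of the submitted and expected codes.
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            self._failures[account] = 0
        return "rejected"


if __name__ == "__main__":
    # Constructed sample: a fixed code and a fake clock, for demonstration only.
    fake_now = [1000.0]
    gate = TwoFactorGate(lambda account: "492817", clock=lambda: fake_now[0])
    for _ in range(MAX_FAILURES):
        print(gate.verify("alice", "000000"))   # rejected, five times
    print(gate.verify("alice", "492817"))       # locked, despite correct code
    fake_now[0] += LOCKOUT_SECONDS
    print(gate.verify("alice", "492817"))       # ok once the lockout has expired
```

Counting per account rather than per session or per source address keeps the limit in force when the submissions arrive over many connections.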

The vulnerability has been fixed in cPanel & WHM versions 92.0.2, 90.0.17, and 86.0.32.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/EKPy6RNuobw/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cpanel 5 53 214 100 16 383