Saturday, January 23, 2021
  • Events
  • Interviews
  • Jobs
  • Community
  • Expert Blog
  • Whitepapers
  • Directory
Cloud7
  • Cloud
  • Hosting
  • Data Center
  • Linux
  • Security
  • More
    • Network/Internet
    • Development
    • Windows
    • Software
    • Hardware
    • Mobile
    • Big Data
    • Blockchain
    • Policy/Legislation
    • Video Games
  • Login
  • Register
No Result
View All Result
Cloud7
  • Cloud
  • Hosting
  • Data Center
  • Linux
  • Security
  • More
    • Network/Internet
    • Development
    • Windows
    • Software
    • Hardware
    • Mobile
    • Big Data
    • Blockchain
    • Policy/Legislation
    • Video Games
No Result
View All Result
Cloud7
No Result
View All Result

Home > Web Hosting > Two-factor authentication bypass flaw discovered in cPanel

Two-factor authentication bypass flaw discovered in cPanel

Digital Defense announced that its Vulnerability Research Team uncovered a vulnerability that affects cPanel & WebHost Manager.

Erdem Yasar by Erdem Yasar
November 26, 2020 11:46 am
in Web Hosting
1 min read
0 0
0
Two-factor authentication bypass flaw discovered in cPanel
0
SHARES
16
VIEWS
Share on FacebookShare on TwitterShare on EmailFollow on Google News

Vulnerability and threat management solutions provider, Digital Defense announced that its Vulnerability Research Team uncovered a previously undisclosed vulnerability that affects the popular web hosting platform. The two-factor authentication bypass flaw was found in cPanel &WHM version 11.90.0.5, making it vulnerable to a brute force attack which may cause an attacker with knowledge of or access to valid credentials to bypass the two-factor authentication protection.

Within minutes

Digital Defense also stated that the attack can be accomplished in minutes. The flaw is tracked as “SEC-575” and it has been remedied by cPanel in the 11.92.0.2, 11.90.0.17, and 11.86.0.32 versions of the software. The flaw is caused by a lack of rate-limiting during 2FA during logins, which also allows third parties to submit 2FA codes repeatedly. cPanel stated in its advisory,

“The two-factor authentication cPanel Security Policy did not prevent an attacker from repeatedly submitting two-factor authentication codes. This allowed an attacker to bypass the two-factor authentication check using brute-force techniques.”

Read also:  GoDaddy gives details on AR15.com boot

See more Web Hosting News



Tags: cPanel
More news
100k+
Sign up and
DISCOVER

Don't miss any update

  • Hosting industry news
  • Expanding community
  • Inspirational interviews
  • And more

Check your inbox or spam folder to confirm your subscription.

ShareTweetSendShare
Previous Post

Conapto to double Stockholm North facility

Next Post

Cyber Security Cloud collaborates with Headwaters

Erdem Yasar

Erdem Yasar

Editor of Cloud7, Erdem is a computer engineer, cloud security officer and a software developer.

Related News

cPanel announced TSR-2021-0001 full disclosure

cPanel announced TSR-2021-0001 full disclosure

January 21, 2021 1:53 am
A2 Hosting released performance VPS hosting packages

A2 Hosting released performance VPS hosting packages

January 21, 2021 1:47 am
Parler partially reemerges with help from Russian-owned service

Parler.com partially reemerges with help from Russian-owned service

January 20, 2021 4:39 pm
DreamHost to partner with Lendio to deliver customer PPP assistance

DreamHost to partner with Lendio to provide customer PPP assistance

January 18, 2021 4:58 pm
Next Post
Cyber Security Cloud collaborates with Headwaters

Cyber Security Cloud collaborates with Headwaters

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's Choice

Project Lenix rebrands itself as AlmaLinux

Parler filed a lawsuit against Amazon

10 tech trends to look out for 2021

WhatsApp will share users’ data with Facebook

Five trends for data centers in 2021

DDoS, web application and bot attacks increased in 2020

CloudLinux introduced its CentOS replacement: Project Lenix

HostArmada Affordable Cloud SSD Shared Hosting

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

Check your inbox or spam folder to confirm your subscription.

Recent News

  • Cockroach Labs published 2021 Cloud Report
  • TeleGeography releases WAN Geography Benchmark tool
  • AWS announced Elasticsearch fork
  • Thrive acquire Apex IT Group
  • Steadfast partners with NAKA to accelerate cloud migrations
Moosend

Most Popular News

  • Parler.com domain transferred to Epik

    Parler.com domain moves to Epik

    0 shares
    Facebook 0 Twitter 0
  • Rackspace to provide AWS solutions to European Researchers

    0 shares
    Facebook 0 Twitter 0
  • Ubuntu 20.04 LTS (Focal Fossa) ISOs are ready to download

    1 shares
    Facebook 1 Twitter 0
  • Parler.com website back, but have some technical issues

    0 shares
    Facebook 0 Twitter 0
  • 7 best Linux mail servers

    1 shares
    Facebook 1 Twitter 0
  • GoDaddy gives details on AR15.com boot

    0 shares
    Facebook 0 Twitter 0
  • Red Hat unveils free RHEL for small production workloads

    0 shares
    Facebook 0 Twitter 0

Dome Binasi, Yesilce Mah. Dalgic Sok. No: 3/5 Kat: 1, Kagithane / Istanbul / Turkey

We bring you the latest news, articles, interviews, reviews, solutions, and videos related to cloud tech, data center, cyber security, web hosting, Linux and so on.

Read more

News Categories

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cyber Security
  • Linux
  • Network/Internet
  • Software
  • Development
  • Big Data
  • Blockchain
  • Hardware
  • Policy/Legislation

Our Free Modules

  • Events
  • Interviews
  • Jobs
  • Community
  • Expert Blog
  • Whitepapers
  • Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About Us
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2021 Cloud7: Data Center, Cloud Computing & Web Hosting News

No Result
View All Result
  • Cloud
  • Hosting
  • Data Center
  • Linux
  • Security
  • More
    • Network/Internet
    • Development
    • Windows
    • Software
    • Hardware
    • Mobile
    • Big Data
    • Blockchain
    • Policy/Legislation
    • Video Games
  • Events
  • Interviews
  • Jobs
  • Community
  • Expert Blog
  • Whitepapers
  • Directory

© 2021 Cloud7: Data Center, Cloud Computing & Web Hosting News

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Sign Up with Facebook
Sign Up with Google
Sign Up with Linked In
OR

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.