cPanel is administration software regularly installed on shared web hosting services that allows website owners and administrators to automate the management of websites and servers using a graphical user interface.
To put the cPanel issue in perspective, around 70 million domains are hosted on servers running its web hosting management software. That makes the flaw a concern for a very large number of websites, especially those on servers that are not updated promptly.
Over 70 million sites could be exposed by the cPanel flaw
The vulnerability, identified as CVE-2020-27641, was discovered by researchers Michael Clark and Wes Wright of cybersecurity company Digital Defense.
Attackers could abuse CVE-2020-27641 to bypass two-factor authentication (2FA) on cPanel accounts, potentially on millions of websites, because cPanel's security policy did not limit how many times a two-factor code could be submitted.
“When MFA is enabled, a user who has the feature enabled can submit as many attempts for the MFA key as they want without any blocking or delay to prevent a brute force attack,” the researchers said.
“This results in a scenario in which an attacker knowing valid credentials could bypass MFA protections on an account within hours. Our tests have shown that finer tuning of the attack can be achieved within minutes.”
Attackers can only exploit the 2FA bypass flaw against accounts for which they “know or have access to valid credentials”: the weakness lies in the second factor, so a strong, unleaked password still stands in the way.
Security updates are now available
cPanel has released security updates that fix the vulnerability in three cPanel & WHM release tiers; the exact build numbers are listed in its advisory, and the updates are available through Software Update.
In the updated versions, a failed 2FA code is treated the same as a failed password validation, so repeated attempts are rate-limited and blocked by cPHulk, cPanel's brute-force protection service.
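The two behaviours described above, the unthrottled verifier the researchers found and the fix that counts a wrong code as a failed login and locks the account, can be modelled side by side. The block below is an added example, not cPanel's or Digital Defense's code; the secret, the fixed clock, the class names and the lockout thresholds (5 failures, 900 seconds) are assumptions chosen for illustration, and the cPHulk-like policy is simplified to a per-account failure counter.

```python
"""Added example (not cPanel's code): an OTP verifier that accepts unlimited
guesses, as the researchers describe, beside one that counts failures and
locks the account, the shape of the cPHulk-style fix. Names and thresholds
are assumptions for illustration."""
import functools
import hashlib
import hmac
import struct
from typing import Optional

DEMO_SECRET = b"12345678901234567890"  # constructed: the RFC 4226 test-vector key
DEMO_TIME = 1_700_000_000              # fixed clock so the run is deterministic


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % 10 ** digits:0{digits}d}"


@functools.lru_cache(maxsize=None)
def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the time step.
    Cached so a million comparisons in one step do not recompute the HMAC."""
    return hotp(secret, at_time // step, digits)


class UnthrottledVerifier:
    """Models the reported flaw: every guess is checked and none is refused."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.attempts = 0

    def is_locked(self, now: int) -> bool:
        return False  # nothing ever blocks the caller

    def verify(self, code: str, now: int) -> bool:
        self.attempts += 1
        return hmac.compare_digest(code, totp(self.secret, now))


class ThrottledVerifier:
    """Hardened: a wrong code counts as a failed login; after MAX_FAILURES the
    account is locked for LOCKOUT_SECONDS (assumed thresholds, cPHulk-like)."""

    MAX_FAILURES = 5
    LOCKOUT_SECONDS = 900

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.failures = 0
        self.locked_until = 0

    def is_locked(self, now: int) -> bool:
        return now < self.locked_until

    def verify(self, code: str, now: int) -> bool:
        if self.is_locked(now):
            return False                      # refuse before checking anything
        if hmac.compare_digest(code, totp(self.secret, now)):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self.locked_until = now + self.LOCKOUT_SECONDS
        return False


def brute_force(verifier, now: int) -> Optional[int]:
    """Attacker who already holds the password tries every 6-digit code within
    one time step. Returns the guesses needed, or None if locked out first."""
    for guess in range(10 ** 6):
        if verifier.is_locked(now):
            return None
        if verifier.verify(f"{guess:06d}", now):
            return guess + 1
    return None


if __name__ == "__main__":
    print("unthrottled:", brute_force(UnthrottledVerifier(DEMO_SECRET), DEMO_TIME))
    print("throttled:  ", brute_force(ThrottledVerifier(DEMO_SECRET), DEMO_TIME))
```

Against the unthrottled verifier the loop always finds the code, on average after about half a million guesses, which is why the researchers could quote hours, or minutes with parallel requests, rather than days. Holding the clock fixed is a simplification: a real code rotates every 30 seconds, but since each step is an independent one-in-a-million draw, the attacker just keeps guessing and the expected effort is unchanged. Against the throttled verifier the attempt dies after five failures, and the correct code is refused for the rest of the lockout, which is the property the fix needs.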
“There is no reason to believe that these vulnerabilities have become known to the public,” the company said last week in the advisory that accompanied the security updates for CVE-2020-27641.
“Once sufficient time has passed to allow automatic updates of cPanel and WHM to occur, cPanel will publish additional information on the nature of the security issues.”
cPanel users who need more details on the 2FA bypass flaw are encouraged to contact the company directly.