Researchers from Digital Defense have reported a vulnerability in cPanel, which allows hackers to bypass the 2FA authentication for cPanel accounts.
Since cPanel & Web Host Manager are relatively popular platforms used for server & website management and web hosting tasks on Linux OS, around 70 million domains could potentially be at risk.
Vulnerability cPanel: what's the problem?
This security issue with cPanel requires hackers to obtain the credentials of the cPanel account. This is generally done with a convincing phishing email. Digital Defense found a vulnerability that hackers can use to repeatedly guess two factor authentication codes.
Instead of using URI encoding for incorporating user supplied data, the cPanel and WHM interfaces were using URL encoding.
Once hackers have the right credentials for the cPanel account, they can use brute force to guess the URL parameters to bypass the 2FA. There is no lockout or delay mechanism to prevent such an attack. While brute force generally takes a few days, some might get lucky and sneak in within minutes.
How to deal with the cPanel vulnerability
Make sure you have the latest version of cPanel and WHM software 220.127.116.11, 18.104.22.168, and 22.214.171.124 installed. These are the versions that have been patched for the 2FA bypass issue.
A failed 2FA authentication is now treated the same as a failure of validation for the account's primary password. You can find the update and more details from cPanel here.
Whatever you do, do not disable the 2FA on your cPanel.
For full disclosure from cPanel, please check SEC-567 .
For more from Digital Defense and zero day vulnerabilities, check out their website.