Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>cPanel 2FA bypassed in minutes via brute-force attacks

cPanel 2FA bypassed in minutes via brute-force attacks


A security flaw in the cPanel web hosting control panel allows attackers to circumvent two-factor authentication (2FA) checks via brute-force attacks for domains managed using vulnerable cPanel & WebHost Manager (WHM) versions.

cPanel is an administrative software regularly installed on shared web hosting services that allows admins and website owners to automate server and website management using a graphical user interface.

For a sense of scale regarding the number of websites potentially exposed to attacks by this flaw, cPanel says that over 70 million domains are hosted on servers using their web hosting management software.

Source:

BleepingComputer Website

https://www.bleepingcomputer.com/news/security/cpanel-2fa-bypassed-in-minutes-via-brute-force-attacks/

Team Cymru

www.team-cymru.org

Contact Information

E-mail:

contact@cert.ncb.mu

Postal Address

Mauritian Computer Emergency Response Team (CERT-MU)

National Computer Board,

2nd Floor Wing A,Shri Atal Bihari Vajpayee Tower,

Ebène Cybercity, Mauritius