[Solved] vulnerability to brute force attack


garrigue

I’ll let Krydos have the final say, but I will say this:

 

We very rarely (I can think of once in my 8 years, so effectively never) install cPanel’s updates on our servers because they typically break the server. We make extensive modifications to cPanel to accomplish what we would do with it (insomuch that cPanel support has told us we are one of if not *the* most extreme use case they’ve seen). The updates end up overwriting half of those changes and break the server.


Due to this mistake, a cPanel & WHM user could be misled into performing actions they did not intend.

This would really only affect regular users, and it would only affect their one account. If they clicked a bad link it could do something they didn't intend to their account. Since it would only affect the one account it wouldn't do much. People set terrible passwords and get their accounts hacked all the time, and that gives the hacker full control over their account. Clicking a strange link would give even less access than that probably. A bigger concern would be if a root admin with access to WHM clicked a suspicious link, but there's only 4 of us and I hope we're all smart enough not to click WHM links from someone we don't know.

 

This allowed an attacker to bypass the two-factor authentication check using brute force techniques.

Only about 10 out of 5000 accounts even use two-factor authentication. It seems like most people wouldn't even care about this one.

 

Error messages in the WHM Transfer Tool Interface were not properly encoded. This allowed the injection of HTML into some error messages displayed for invalid inputs.

We don't even use this. We use a custom command line script that I wrote to transfer accounts that definitely isn't vulnerable to HTML injection.

 

The brute force on two-factor authentication is a little concerning for the few people that actually use it, but like I said it definitely doesn't affect many. I have some other reasons to update cPanel on Tommy before too long so this will probably get fixed soon enough.

This topic is now closed to further replies.