
[Solved] vulnerability to brute force attack


  • This topic is locked
6 replies to this topic

#1 garrigue

garrigue

    Rank I Member

  • Members
  • 26 posts
  • Gender:Male
  • Location:Toulouse, France

Posted 30 November 2020 - 10:52 AM

Hello,

Apparently, there is a vulnerability in cPanel. Here is the official announcement: cPanel TSR-2020-0007 Full Disclosure | cPanel Newsroom

If I understand correctly, it has been resolved in the latest version of cPanel. So, to secure our cPanel, do you plan to update all cPanels?

Best regards,

Julien



#2 flazepe

flazepe

    Rank X Member

  • Moderators
  • 1,909 posts
  • Gender:Male

Posted 30 November 2020 - 12:17 PM

This support request is being escalated to our root admins.

#3 wolstech

wolstech

    Rank X Member

  • Root Admin
  • 13,561 posts
  • Gender:Male
  • Location:Pennsylvania

Posted 30 November 2020 - 01:15 PM

I’ll let Krydos have the final say, but I will say this:

We very rarely (I can think of once in my 8 years, so effectively never) install cPanel’s updates on our servers because they typically break the server. We make extensive modifications to cPanel to accomplish what we would do with it (insomuch that cPanel support has told us we are one of, if not *the*, most extreme use case they’ve seen). The updates end up overwriting half of those changes and breaking the server.



#4 Krydos

Krydos

    Rank X Member

  • Root Admin
  • 21,950 posts
  • Gender:Male

Posted 30 November 2020 - 06:25 PM

"Due to this mistake, a cPanel & WHM user could be misled into performing actions they did not intend."

This would really only affect regular users, and it would only affect their one account. If they clicked a bad link it could do something they didn't intend to their account. Since it would only affect the one account it wouldn't do much. People set terrible passwords and get their accounts hacked all the time, and that gives the hacker full control over their account. Clicking a strange link would give even less access than that, probably. A bigger concern would be if a root admin with access to WHM clicked a suspicious link, but there are only 4 of us and I hope we're all smart enough not to click WHM links from someone we don't know.

"This allowed an attacker to bypass the two-factor authentication check using brute force techniques."

Only about 10 out of 5000 accounts even use two-factor authentication. It seems like most people wouldn't even care about this one.

"Error messages in the WHM Transfer Tool Interface were not properly encoded. This allowed the injection of HTML into some error messages displayed for invalid inputs."

We don't even use this. We use a custom command line script that I wrote to transfer accounts that definitely isn't vulnerable to HTML injection.

The brute force on two-factor authentication is a little concerning for the few people that actually use it, but like I said it definitely doesn't affect many. I have some other reasons to update cPanel on Tommy before too long, so this will probably get fixed soon enough.
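Added illustration, not part of the thread and not cPanel or WHM code: the advisory line quoted above only says the 2FA check could be bypassed "using brute force techniques", and the thread gives no further detail, so the toy below does not reproduce the actual flaw. It shows why a brute-forceable second factor is a real concern for the accounts that use it: a 6-digit TOTP code has only one million values, so an attacker who already holds the password and is allowed unlimited code submissions will eventually hit the right one, while a verifier that locks after a handful of failures stops the same attacker after a few tries. The TOTP routine follows RFC 6238 (HMAC-SHA1, dynamic truncation), and the secret and timestamp are the RFC's published test-vector values; the `TotpVerifier` class, its `max_failures` and `lockout_seconds` parameters, and `brute_force` are constructed for this example.

```python
"""Toy TOTP verifier, with and without a failed-attempt lockout.

Added example for this thread. It is not cPanel or WHM code and does not
reproduce the flaw from TSR-2020-0007, whose details the thread does not give.
"""
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Constructed demo secret: the 20-byte ASCII key from the RFC 6238 test vectors.
SECRET = b"12345678901234567890"
STEP_SECONDS = 30
DIGITS = 6
KEYSPACE = 10 ** DIGITS  # a 6-digit code has only one million possible values


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS,
         digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1 with dynamic truncation) for one time step."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class TotpVerifier:
    """Server-side check. max_failures=None models a verifier with no lockout."""

    def __init__(self, secret: bytes, max_failures: Optional[int] = None,
                 lockout_seconds: int = 900) -> None:
        self.secret = secret
        self.max_failures = max_failures      # hypothetical policy knob
        self.lockout_seconds = lockout_seconds
        self.failures = 0
        self.locked_until = 0

    def is_locked(self, now: int) -> bool:
        return now < self.locked_until

    def verify(self, code: str, now: int) -> bool:
        if self.is_locked(now):
            return False
        expected = totp(self.secret, now)
        if hmac.compare_digest(expected, code):  # constant-time comparison
            self.failures = 0
            return True
        self.failures += 1
        if self.max_failures is not None and self.failures >= self.max_failures:
            self.locked_until = now + self.lockout_seconds
        return False


def brute_force(verifier: TotpVerifier, now: int,
                max_attempts: int = KEYSPACE) -> Tuple[Optional[str], int]:
    """Attacker who already has the password: submit every code in order.

    Returns (accepted code or None, number of submissions made). Stops as soon
    as the verifier reports a lockout, since further submissions are pointless.
    """
    attempts = 0
    for n in range(max_attempts):
        if verifier.is_locked(now):
            break
        attempts += 1
        candidate = str(n).zfill(DIGITS)
        if verifier.verify(candidate, now):
            return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    NOW = 59  # RFC 6238 test-vector time; the SHA1 code there is 94287082 -> 287082
    print("no lockout :", brute_force(TotpVerifier(SECRET), NOW))
    print("5-try lock :", brute_force(TotpVerifier(SECRET, max_failures=5), NOW))
```

Against the unprotected verifier the loop succeeds after 287,083 submissions (the true code at that timestamp is 287082), which is trivial for a script; on average an attacker needs half the keyspace. With `max_failures=5` the same loop is cut off after five submissions and the correct code is rejected for the rest of the lockout. In a real deployment the counter must be keyed per account and survive a new login session, and any clock-skew window the verifier accepts multiplies the attacker's per-guess odds by the number of steps in that window.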



#5 garrigue

garrigue

    Rank I Member

  • Members
  • 26 posts
  • Gender:Male
  • Location:Toulouse, France

Posted 01 December 2020 - 06:38 AM

Thank you very much @krydos for all the detailed explanations and your reassuring message. We can close this case.

 

Best regards,

 

Julien



#6 garrigue

garrigue

    Rank I Member

  • Members
  • 26 posts
  • Gender:Male
  • Location:Toulouse, France

Posted 01 December 2020 - 06:40 AM

Thanks to all of you by the way :) @flazepe and @wolstech



#7 Krydos

Krydos

    Rank X Member

  • Root Admin
  • 21,950 posts
  • Gender:Male

Posted 02 December 2020 - 04:37 PM

Thanks for bringing it to our attention.





