Security researchers have found a serious security flaw in cPanel, a popular software suite that facilitates the management of a web hosting server.

Discovered by security experts from Digital Defense, the vulnerability lets hackers circumvent two-factor authentication (2FA) for cPanel accounts, which are used by website owners to access and manage their websites and fundamental server settings.

On its website, cPanel mentions that its software is presently used by a slew of web hosting companies to manage more than 70 million domains all over the globe.

However, Digital Defense said that the 2FA implementation in older cPanel & WebHost Manager (WHM) software was susceptible to brute-force attacks that let attackers guess URL parameters and circumvent 2FA.

While brute-forcing attacks typically take hours or days to perform, in this specific case, the attack required only a few minutes, per Digital Defense.

Taking advantage of this vulnerability also requires that attackers hold valid credentials for the targeted account, but these can be obtained by phishing the website owner.

Hearteningly, Digital Defense privately reported the vulnerability, tracked as SEC-575, to the cPanel team, which issued fixes last week.

Website owners who use 2FA on their cPanel login can see whether their web hosting provider has rolled out the update to their cPanel installation by checking the platform’s version number.

Per cPanel’s security advisory, the 2FA bypass issue has been patched in cPanel & WHM software 11.92.0.2, 11.90.0.17, and 11.86.0.32.
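A hosting customer or administrator with several cPanel & WHM servers may want to check those version numbers mechanically rather than by eye. The script below is an added example, not code from the article, Digital Defense or cPanel: it parses a version string, looks up the release branch (the first two components, e.g. 11.92) and compares the full version against the patched release the advisory names for that branch. Branches the advisory does not list are reported as "unknown" rather than guessed at, and the server inventory in the block is constructed sample data.

```python
"""Classify cPanel & WHM version strings against the SEC-575 fixed releases."""
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Patched releases named in cPanel's SEC-575 advisory, keyed by release branch.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (11, 92): (11, 92, 0, 2),
    (11, 90): (11, 90, 0, 17),
    (11, 86): (11, 86, 0, 32),
}


def parse_version(text: str) -> Optional[Version]:
    """Turn '11.92.0.2' into (11, 92, 0, 2); return None for malformed input."""
    parts = text.strip().split(".")
    if not parts or not all(part.isdigit() for part in parts):
        return None
    return tuple(int(part) for part in parts)


def sec575_status(text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for one version string.

    'unknown' covers malformed strings, versions with fewer than four
    components (the patch level is not stated) and release branches the
    advisory does not mention, which must be checked against the vendor
    advisory rather than assumed safe.
    """
    version = parse_version(text)
    if version is None or len(version) < 4:
        return "unknown"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown"
    # Tuple comparison is component-wise, so 11.92.1.0 correctly ranks above 11.92.0.2.
    return "patched" if version >= fixed else "vulnerable"


def audit_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host name to its SEC-575 status."""
    return {host: sec575_status(version) for host, version in inventory.items()}


# Constructed sample inventory (host name -> reported cPanel & WHM version).
SAMPLE_INVENTORY = {
    "web-01.example.test": "11.92.0.2",   # at the fixed release
    "web-02.example.test": "11.90.0.16",  # one build short of the fix
    "web-03.example.test": "11.86.0.40",  # later build on a fixed branch
    "web-04.example.test": "11.88.0.5",   # branch not listed in the advisory
    "web-05.example.test": "unknown",     # agent returned no usable version
}

if __name__ == "__main__":
    for host, status in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:24} {SAMPLE_INVENTORY[host]:12} {status}")
```

Anything reported as "vulnerable" or "unknown" is a prompt to ask the hosting provider when the update will land, since the customer normally cannot upgrade cPanel themselves.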
