cPanel and WHM Software’s 2-factor authentication vulnerability

December 12, 2020

An ethical security researcher has made another significant contribution to the security community: a vulnerability report that prevents an issue which could have compromised many well-known websites.

According to the report, the vulnerability was found in the well-known cPanel and WHM software. The company has been in business since 1997, developing applications that make it easier to manage websites and browse them. As reliance on the internet grew over the years, cPanel and WHM placed themselves at the top of the list of vendors whose software manages hosting servers, whether for resellers or directly for the owner/user. Their application is a Linux-based program that gives the site administrator a GUI to easily manage and configure the site, work with subdomains, and add security protections to it.

The vulnerability report confirmed that the flaw lay in the application logic itself. Fortunately, it was uncovered before any malicious actor could exploit it. It was confirmed that the authentication process could be subverted once an adversary had obtained the credentials of an elevated cPanel client account. From there, to fully log in to the client account, they would use an automated guessing tool that can run through random authentication codes in seconds, defeating the 2FA passcode and completing the login. This was possible because the authentication procedure included no safety measure such as a failed-login counter that blocks further login attempts once a set threshold has been reached.


Exploiting this flaw could therefore have caused massive damage across the more than 70 million websites reportedly running the cPanel and WHM application.
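The missing control the report describes is a counter on failed second-factor attempts. The following Python code is an added example, not cPanel's code and not taken from the report: a minimal RFC 6238 TOTP verifier that locks an account's second-factor check after a configurable number of wrong codes. The threshold, the lockout duration, the three-step drift window and the in-memory account store are assumptions made for illustration; the only real-world value is the RFC 4226/6238 test secret used in the demo.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Policy values are assumptions for this example, not cPanel's settings.
MAX_FAILED_ATTEMPTS = 5      # failures allowed before the account's 2FA check is locked
LOCKOUT_SECONDS = 15 * 60    # how long the lock lasts
TIME_STEP = 30               # TOTP time step (RFC 6238 default)


def totp(secret: bytes, timestamp: int, step: int = TIME_STEP, digits: int = 6) -> str:
    """Standard RFC 6238 TOTP: HMAC-SHA1 over the time counter, RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", timestamp // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: int = 0    # unix time at which the lock expires; 0 = not locked


class SecondFactorVerifier:
    """Verifies TOTP codes and enforces a per-account failed-attempt threshold."""

    def __init__(self, max_failed: int = MAX_FAILED_ATTEMPTS, lockout: int = LOCKOUT_SECONDS):
        self.max_failed = max_failed
        self.lockout = lockout
        self.accounts = {}   # username -> AccountState (in-memory store, assumed for the example)

    def verify(self, user: str, secret: bytes, submitted: str, now: int) -> str:
        """Returns "ok", "wrong" or "locked"."""
        state = self.accounts.setdefault(user, AccountState())

        if state.locked_until:
            if now < state.locked_until:
                return "locked"          # refuse without even evaluating the code
            # Lock has expired: start counting afresh.
            state.failed_attempts = 0
            state.locked_until = 0

        # Accept the current step and one step either side to tolerate clock drift.
        candidates = [totp(secret, now + drift * TIME_STEP) for drift in (-1, 0, 1)]
        if any(hmac.compare_digest(submitted.encode(), c.encode()) for c in candidates):
            state.failed_attempts = 0
            return "ok"

        state.failed_attempts += 1
        if state.failed_attempts >= self.max_failed:
            state.locked_until = now + self.lockout
            return "locked"
        return "wrong"


if __name__ == "__main__":
    # Demo with the RFC 4226/6238 test secret; the timestamps are constructed.
    secret = b"12345678901234567890"
    verifier = SecondFactorVerifier()
    print("correct code:", verifier.verify("alice", secret, totp(secret, 59), 59))
    for _ in range(MAX_FAILED_ATTEMPTS):
        print("wrong code:", verifier.verify("alice", secret, "000000", 59))
    # Even the right code is refused while the lock is in force.
    print("correct code while locked:", verifier.verify("alice", secret, totp(secret, 59), 59))
```

With a six-digit code there are only one million possibilities, so a verifier that never locks can be exhausted by automation in the way the report describes; the counter above caps an attacker at `MAX_FAILED_ATTEMPTS` guesses per lockout window, and the lock is checked before the code is evaluated so that attempts made during the lock carry no information. In a real deployment the account state would live in shared storage rather than a process-local dictionary, and the failures should be logged so that a burst of them can raise an alert.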


A similar flaw was reported in July that had a considerable impact on Zoom users. That vulnerability lay in the randomly generated meeting passcode the software creates for users hosting a conference. With a compromised meeting ID, an adversary could guess the passcode with an automated tool and join the meeting, since no threshold of failed attempts had been set. Another controversy involving the same class of vulnerability is the known CVE-2020-1442, which an adversary can exploit to gain a foothold on the victim's Domain Controller.

Fortunately, the developer gave the reported vulnerability prompt attention and quickly released a patch to remedy the flaw before an attacker could exploit it. Cybersecurity experts said that this type of vulnerability can be classed as a zero-day and would have caused massive damage to the company and its customers had it not been addressed before the news became known, especially on the dark web.
