
Two-Factor Authentication Weakness Found In Website Hosting

 

Security services provider Digital Defense recently revealed information about a 2FA vulnerability in ‘cPanel & WHM’, a website hosting platform. WHM stands for WebHost Manager, the tool that web hosting service providers offer to clients. WHM is behind more than 70 million website domain names, and it is used to offer control over virtual private servers or dedicated servers.

The vulnerability exposed 2FA to an exhaustive search attack. The security solutions provider showed that an effective attack took only a couple of minutes.

The attack comes with a caveat, though. The attacker would have to either know valid credentials or have the right to use them. This reduces the attack surface to insider attacks or stolen website credentials. Even so, that means over 70 million sets of credentials (assuming there is one for each domain). It also means website hosting providers have to ensure that every WHM instance is up to date.

cPanel Acts To Resolve This Authentication Vulnerability

The information about the vulnerability only came to light after the release of a cPanel & WHM update. In November 2020, cPanel, L.L.C. released an update, and according to the company, the problem has been resolved in the following builds:

· 11.90.0.17
· 11.92.0.2
· 11.86.0.32

Mike Cotton, the senior VP of engineering for Digital Defense, has responded to the issue. He said that working with enterprises on coordinated disclosure, so that a vulnerability can be resolved promptly, is Digital Defense’s usual practice. Digital Defense’s Vulnerability Research Team communicated with cPanel, said Cotton, noting that cPanel worked diligently on a security patch. Cotton also stated that Digital Defense would keep communicating with customers to ensure that they can act to mitigate new, potential risks due to the vulnerability.

What Does That Mean To Enterprises?

Almost every website hosted on a Linux-based server will use cPanel & WHM as its management suite. Many people regard it as the best-known and most widely deployed software of its kind. The fact that a flaw this big occurred shows the importance of testing. Digital Defense deemed it a ‘zero-day attack’, but it gave cPanel enough time to resolve the issue in accordance with responsible disclosure policies.

However, several web hosting service providers have yet to update to the most recent version. Every website owner has to check their cPanel version. If it is a different version, the owner has to inform their web host and demand an update.
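The version check described above, as an added example that is not part of the original post and is not cPanel's own tooling: it takes a version string in the four-field form used in the list of fixed builds and compares it with the patched build on the same branch. The function names, the result labels and the treatment of branches newer than 11.92 as already carrying the fix are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not cPanel's tooling): classify a cPanel & WHM version string
# against the patched builds named in the article.

# Patched builds from the article, one per branch (11.<branch>.<minor>.<build>).
PATCHED_BUILDS="11.86.0.32 11.90.0.17 11.92.0.2"

# field VERSION N -> Nth dot-separated field of VERSION
field() { printf '%s\n' "$1" | cut -d. -f"$2"; }

# Prints one of: patched | vulnerable | newer-branch | no-listed-fix | invalid
classify_cpanel_build() {
    local ver="$1" fixed newest=0
    local branch minor build f_branch f_minor f_build
    # Only the four-field 11.x form used in the article is accepted.
    printf '%s\n' "$ver" | grep -Eq '^11\.[0-9]+\.[0-9]+\.[0-9]+$' \
        || { echo invalid; return; }
    branch=$(field "$ver" 2); minor=$(field "$ver" 3); build=$(field "$ver" 4)

    for fixed in $PATCHED_BUILDS; do
        f_branch=$(field "$fixed" 2)
        [ "$f_branch" -gt "$newest" ] && newest=$f_branch
        [ "$branch" -eq "$f_branch" ] || continue
        f_minor=$(field "$fixed" 3); f_build=$(field "$fixed" 4)
        # Same branch: patched when (minor, build) >= the fixed (minor, build).
        if [ "$minor" -gt "$f_minor" ] ||
           { [ "$minor" -eq "$f_minor" ] && [ "$build" -ge "$f_build" ]; }; then
            echo patched
        else
            echo vulnerable
        fi
        return
    done

    # No patched build is listed for this branch.
    if [ "$branch" -gt "$newest" ]; then
        echo newer-branch    # assumption: later branches include the fix
    else
        echo no-listed-fix   # older or unlisted branch: move to a listed build
    fi
}

# Usage: ./check_build.sh 11.90.0.16
if [ "$#" -gt 0 ]; then classify_cpanel_build "$1"; fi
```

A result of `vulnerable` or `no-listed-fix` is the case in which the owner should ask the web host for an update.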
