Date: 2020-11-26

Expert Comments

Two-Factor Authentication Bypass Flaw Affects 70 Million+ Domains


Researchers have uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel & WHM version 11.90.0.5 (90.0 Build 5) has a two-factor authentication bypass flaw: the 2FA check is vulnerable to brute-force attack, so an attacker with knowledge of or access to valid credentials could bypass the two-factor authentication protections on an account.

Expert Comments

Craig Young, Principal Security Researcher, Tripwire (November 26, 2020)
cPanel’s 2-factor authentication could be bypassed because it did not lock users out for failed attempts. This and a lack of rate-limiting meant that attackers could use a script to simply try every possible 2-factor code until they found the right one. The result is that this 2-factor implementation was little more than window dressing.
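The two missing controls named in the comment above, per-account lockout and attempt limiting, sketched as an added example (not cPanel's code and not part of the original article). The policy values, the `SecondFactorGate` class, the `current_code` callable and the sample code `492817` are assumptions constructed for illustration.

```python
import hmac
import time

# Assumed policy values for illustration; not cPanel's actual settings.
MAX_FAILURES = 5
LOCKOUT_SECONDS = 15 * 60


class SecondFactorGate:
    """Per-account failure counting and lockout around a 2FA code check."""

    def __init__(self, current_code, clock=time.monotonic):
        self._current_code = current_code  # hypothetical callable: account -> valid code
        self._clock = clock
        self._state = {}                   # account -> (failures, locked_until or None)

    def verify(self, account, submitted):
        now = self._clock()
        failures, locked_until = self._state.get(account, (0, None))
        if locked_until is not None:
            if now < locked_until:
                return "locked"            # submitted code is never compared
            failures, locked_until = 0, None   # lockout expired, start over
        expected = self._current_code(account)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            self._state.pop(account, None)     # success clears the failure count
            return "ok"
        failures += 1
        if failures >= MAX_FAILURES:
            locked_until = now + LOCKOUT_SECONDS
        self._state[account] = (failures, locked_until)
        return "denied"


def run_demo():
    """Replay constructed guesses against one account using a fake clock."""
    t = [1000.0]
    gate = SecondFactorGate(lambda account: "492817", clock=lambda: t[0])
    results = [gate.verify("alice", f"{g:06d}") for g in range(5)]  # five wrong codes
    results.append(gate.verify("alice", "492817"))  # correct code, but account is locked
    t[0] += LOCKOUT_SECONDS
    results.append(gate.verify("alice", "492817"))  # lockout has expired
    return results


if __name__ == "__main__":
    print(run_demo())
```

Because the lockout is checked before the code is compared, even the correct code is refused while the account is locked, which caps how many codes a script can test per window. A lockout keyed only to the account also lets anyone holding the password lock out the legitimate user, so deployments commonly pair it with throttling by source and with alerting on repeated 2FA failures.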
