Very serious article on a security issue concerning the cPanel on a Web Host Manager (WHM).
Here is the author's summation with a Disclaimer that needs to be read.
Quote:
In summary, we covered two issues within the cPanel software which can lead to escalated access. The first being able to regain access to a suspended account and the second, being able to use one of two methods to get shell access, even its set to disabled in WHM. We also covered how to block the first method using hooks and we gave some tips on possible ways to catch the second method. Currently both vulnerabilities have not been corrected by the vendor, please refer to the cPanel change log: docs.cpanel.net/changelogs/ to see if a fix has been released.
Disclaimer: Code snippets and scripts are for informational purposes only, may not appear correctly, and have not been thoroughly tested, do not use in production.
|
If there are any thoughts, or examples of cPanel security issues, that anyone would like to discuss on this article I would like to hear them.
