Digital Defense, Inc. Discloses cPanel® & WHM® Vulnerability
Two-Factor Authentication Bypass Flaw Could Affect Over 70 Million Domains
By: Digital Defense, Inc.
"Our standard practice is to work in tandem with organizations on a coordinated disclosure effort to facilitate a prompt resolution to a vulnerability. The Digital Defense VRT reached out to cPanel who worked diligently on a patch. We will continue outreach to customers ensuring they are aware and able to take action to mitigate any potential risk introduced by the vulnerability,"
cPanel & WHM is a suite of tools built for Linux OS that allows hosting providers and users the ability to automate server management and web hosting tasks while simplifying the process of website hosting for the end user. Serving the global hosting community for over 20 years, cPanel touts having over 70 million domains launched on servers using cPanel & WHM to date.
What You Can Do
cPanel's recent advisory provides more details about the updates that have been released, which should be applied: https://news.cpanel.com/
Digital Defense Research Methodology and Practices
The Digital Defense VRT regularly works with organizations promoting the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT, when coupled with the company's next generation hybrid cloud platform, Frontline Vulnerability Manager (https://www.digitaldefense.com/
To view Digital Defense's zero-day advisories to date, please visit: https://www.digitaldefense.com/
About Digital Defense:
Serving clients across numerous industries, from small businesses to very large enterprises, Digital Defense's innovative and leading edge technology helps organizations safeguard sensitive data and eases the burdens associated with information security. Frontline Vulnerability Manager™, the original Vulnerability Management as a Service (VMaaS) platform, delivers consistently accurate vulnerability scanning and penetration testing, while SecurED®, the company's security awareness training, promotes employees' security-minded behavior.
MRB Public Relations