Bruteforcing attacks have allowed hackers to bypass 2FA of WHM and cPanel.
Vulnerability dubbed as CVE-2020-27641 has allowed malicious actors to bypass 2-factor authentication of Web Hosting Manager and cPanel. The targeted products have been actively working to ease various features for webmasters.
The listed products allow people who don’t know much about coding to implement a range of features like installing new websites in one click. However, it is important to understand that the entire setup in itself could be vulnerable as well.
Security researchers have alerted people about the vulnerability which allows hackers to compromise the 2FA by simply using brute force attacks. The vulnerability rose because of the unlimited amount of trials available for entering the 2FA code.
cPanel has issued patches and users can protect themselves by updating to its latest version. If you think on the other hand that you may have been a victim of such an attack, it is best to contact their support team who can help you secure your account further on.
Install NPAV on your devices to keep them safe and secure from all kinds of cyberattacks. Use NPAV and join us on a mission to secure the cyber world.