cPanel Auth Bypass Flaw Lets Attackers Hijack Hosting Servers — Patch Now
Original source
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
The Hacker News →A critical authentication vulnerability has been disclosed in cPanel, the web hosting control panel that runs on a substantial share of shared and managed Linux hosting environments. The flaw allows attackers to bypass authentication checks and gain access to administrative functions, putting any unpatched server at immediate risk of full compromise.
Because cPanel typically holds the keys to email, DNS, databases, and file systems for every site on a host, an authentication bypass at this layer is effectively a hosting-wide takeover primitive. Mass-scanning of cPanel ports is constant, so disclosure-to-exploitation windows for this class of bug tend to be measured in hours, not days.
Operators should apply the vendor patch immediately, audit recent admin sessions and API token usage, rotate credentials and API tokens, and review WHM access logs for unfamiliar IPs or privilege changes since the disclosure window.
Read the full article
Continue reading at The Hacker News →This is an AI-generated summary. Read the original for the full story.