Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit

ASTRAPI · Nov 22, 2010

A new exploit is out a few hours ago

Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit

How can i protect from this?

I do not use cpanel emails at all as i have only one account and i use a gmail account and not [email protected] account.....

What a user can do with this and how can i identify it?

I am using ssl also on the whm login... Does that helps on this case?

Thank you

cPanelNick · Nov 22, 2010

Please enable security tokens. This is effective at preventing this type of attack.

http://docs.cpanel.net/twiki/pub/AllDocumentation/ReleaseNotes/recommended_settings.pdf

ASTRAPI · Nov 22, 2010

Do i have to use the same setting to prevent this on the new 11.28 also?

Or the new version do not extra settings to prevent this?

Thank you

cPanelNick · Nov 22, 2010

11.28 has security tokens enabled by default. see http://docs.cpanel.net/twiki/bin/vi...ReleaseNotes#Security Tokens Enabled by Defau

You will still need to enable them if you upgrade from an older version.

Thread starter	Similar threads	Forum	Replies	Date
R	Chmode 444, but cpanel user still able to edit and delete file	Security	4	Feb 8, 2016
T	Editing modsec2.user.conf in cPanel 11.46	Security	1	Nov 8, 2014
P	Edit /usr/local/cpanel/3rdparty/etc/php.ini to set register_globals to off	Security	2	Feb 13, 2013
	Contact Email security in cpanel is easily edited.	Security	2	Oct 17, 2011
E	Cpanel hacked last week, want some credit	Security	20	Mar 20, 2004

Search

Search

Cpanel 11.X Edit E-mail Cross Site Request Forgery exploit

ASTRAPI

Well-Known Member

cPanelNick

Administrator

ASTRAPI

Well-Known Member

cPanelNick

Administrator