Try this, WHM > Server Configuration > Tweak Settings > Security tab:
Disable:
Enable HTTP Authentication
Enable HTTP Authentication for cPanel/WebMail/WHM Logins. This risks certain types of XSRF attacks that rely on cached HTTP Auth credentials. Disabling forces cookie authentication.