Hello to all! I would like to apologize if my topic is off-topic, but I am a little bit worried after reading this article: http://www.zone-h.org/advisories/read/id=8668 What do you think, is it critical, or maybe already fixed? Anton.
I'm not sure whether it's fixed, but the important point is that the exploit can only be run by one of your users, that is, they have to sign up with you first. This makes it fairly unlikely, and I'm sure cPanel will fix it in the near future.
I have always felt that way; however, since so many customers love to use stupid passwords like "1234", "qwerty", "ncc1701" and other idiocy, it's not too much work for a hacker to get into a system as a "user".
Well... ncc1707 is not that stupid. I think stupid is when a customer is using the same password as his login name, like mama:mama.