"Lucky Thirteen" SSL Vulnerability - WHM/cPanel impact

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,577
51
308
cPanel Access Level
Root Administrator
OpenSSL on cPanel & WHM servers is not provided by cPanel & WHM, rather it is provided by your operating system. To find information on when your installation will be updated it is recommended you ask your operating system provider. This is usually Red Hat, CentOS or CloudLinux.

As is disclosed in the linked report, as well as others, the Lucky 13 vulnerability is difficult to exploit. It requires near access to your server. Usually this means "on the same LAN" or local segment.

Prioritizing RC4 in your cipher suite is the recommended means of protecting your services against Lucky 13, at least until your OpenSSL installation is updated. RC4 has some academic weaknesses, but appears to be robust enough in OpenSSL's implementation so as to be "safe", at least according to my understanding.
 
Thread starter Similar threads Forum Replies Date
J Security 3