Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

New CPanel security problem!!!

Discussion in 'Security' started by yaax, Apr 2, 2004.

  1. yaax

    yaax Well-Known Member

    Jun 15, 2003
    Likes Received:
    Trophy Points:
    Just found new security hole in CPanel. See here:

    And still no solution for this!!!

    Anyone have idea how to secure cpanel from this problem??

    CPanel must be updated ASAP!!!
  2. chirpy

    chirpy Well-Known Member

    Jun 15, 2002
    Likes Received:
    Trophy Points:
    Go on, have a guess
    Well, it's not that new as it's now 4 days old. It has already been discussed on this forum when released. It's also a pretty low risk issue since it requires a stupid user to click on a URL given to them by the hacker, i.e. some social engineering, (OK, there are plenty of stupid users) and then requires then to login using the HTTP POST method instead of the .htaccess method into their account.

    It then only gives the hacker access to their account.

    It also says that cPanel are aware and working on a fix, which I would expect in their pending v9.2 release which is all over the ChangeLog, so I would suspect that upgrading to Edge would protect yourself if you're worried.

    If you're concerned about such things, log a bug report and you're likely to get a more appropriate answer than on the forums, which are more of a talking shop for users, not the product developers.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. bmcpanel

    bmcpanel Well-Known Member

    Jun 1, 2002
    Likes Received:
    Trophy Points:
    Actually, any development team SHOULD always check its forum exactly because a forum is a talking shop for its users. It's a great way to pickup on problems with their software.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice