
New CPanel security problem!!!

Discussion in 'Security' started by yaax, Apr 2, 2004.

  1. yaax

    yaax Well-Known Member

    Just found a new security hole in CPanel. See here:
    http://www.securityfocus.com/bid/10002/info/

    And still no solution for this!!!

    Anyone have any idea how to secure cPanel from this problem??

    CPanel must be updated ASAP!!!
     
  2. chirpy

    chirpy Well-Known Member

    Well, it's not that new as it's now 4 days old. It has already been discussed on this forum when released. It's also a pretty low risk issue since it requires a stupid user to click on a URL given to them by the hacker, i.e. some social engineering, (OK, there are plenty of stupid users) and then requires them to log in using the HTTP POST method instead of the .htaccess method into their account.

    It then only gives the hacker access to their account.

    It also says that cPanel are aware and working on a fix, which I would expect in their pending v9.2 release which is all over the ChangeLog, so I would suspect that upgrading to Edge would protect yourself if you're worried.

    If you're concerned about such things, log a bug report and you're likely to get a more appropriate answer than on the forums, which are more of a talking shop for users, not the product developers.
     
  3. bmcpanel

    bmcpanel Well-Known Member

    Actually, any development team SHOULD always check its forum exactly because a forum is a talking shop for its users. It's a great way to pick up on problems with their software.
     