The Community Forums

Report of a cPanel CSRF 0 day on Twitter

Discussion in 'Security' started by jerrybell, May 26, 2012.

  1. jerrybell

    I found this in my Twitter feed this morning:

    [webapps / 0day] - Cpanel 11.X Multiple CSRF Vulnerability /http://t.co/My79Xgmg/

    Haven't had a chance to try it yet.
     
  2. JeffP.

    Hi jerrybell,

    cPanel solved the CSRF issue a few years back with the introduction of security tokens:

    cPanel 11.25


    So, to prevent falling victim to CSRF attacks, you can enable the security tokens feature via WHM >> Security Tokens. Note that security tokens are enabled by default.

    Thanks for your attentiveness and your concern.
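
How a per-session URL token of the kind mentioned in the reply above stops a cross-site request, as an added example that is not part of the thread and is not cPanel's code. The `cpsess` plus 10 digit path-prefix shape, the `SessionStore` class and the request path are assumptions made for illustration.

```python
import hmac
import re
import secrets

# Assumed token shape: "cpsess" plus 10 digits as the first URL path segment.
TOKEN_RE = re.compile(r"^/(cpsess\d{10})(/.*)$")


class SessionStore:
    """Hypothetical store mapping a session cookie to the token issued at login."""

    def __init__(self):
        self._tokens = {}

    def login(self):
        session_id = secrets.token_hex(16)
        digits = "".join(secrets.choice("0123456789") for _ in range(10))
        self._tokens[session_id] = "cpsess" + digits
        return session_id, self._tokens[session_id]

    def token_for(self, session_id):
        return self._tokens.get(session_id)


def authorize(store, session_cookie, path):
    """Return (allowed, inner_path or rejection reason) for one request."""
    expected = store.token_for(session_cookie)
    if expected is None:
        return False, "no session"
    match = TOKEN_RE.match(path)
    if match is None:
        # The browser attached the cookie, but the URL carries no token.
        return False, "missing security token"
    supplied, inner = match.groups()
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(supplied, expected):
        return False, "token mismatch"
    return True, inner


if __name__ == "__main__":
    store = SessionStore()
    cookie, token = store.login()
    action = "/hypothetical/action.html"  # constructed path, not a real cPanel URL
    # Request built by the application's own pages: token is in the URL.
    print(authorize(store, cookie, f"/{token}{action}"))
    # Request triggered from another site: cookie is sent, token is unknown.
    print(authorize(store, cookie, action))
```

The cookie alone is not enough to authorize the action: a page on another origin can make the browser send the cookie, but it cannot read the token that was issued to the logged-in session.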
     