Code Defence Cyber security

Critical cPanel authentication bypass allows unauthenticated server takeover

A critical authentication bypass vulnerability has been identified in a foundational web hosting management platform, exposing thousands of websites to unauthenticated takeover. This flaw allows an attacker to obtain administrative access to the control panel, bypassing security checks across various authentication paths.

The vulnerability impacts all supported versions of cPanel. Attackers are currently exploiting this flaw to hijack websites, redirect client traffic to malicious domains, and launch large-scale phishing campaigns. Security researchers have noted that the issue stems from improper handling of authentication tokens during specific login flows, providing an unauthenticated path to root-level control of the hosting environment.

Web hosting control panels are the crown jewels of SMB infrastructure; a compromise here provides the adversary with complete control over the site files, databases, and associated email accounts. The rapid exploitation of this flaw demonstrates the high demand for reliable, unauthenticated access into hosted environments.

– Upgrade cPanel installations to patched versions (11.110.0.97, 11.118.0.63, 11.126.0.54, or 11.132.0.29) immediately.

– Audit authentication logs for suspicious or failed login attempts originating from unknown IP addresses.

– Force a password reset for all administrative and user accounts managed through the cPanel interface following the patch.

– Implement two-factor authentication (2FA) for all accounts to provide an additional layer of protection against token-based bypasses.
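The log-audit step above is the one a hosting administrator has to turn into a concrete check. The script below is an added example, not code from the original post or from cPanel: it parses login-log lines in the style of cPanel's login_log (the line format and the regex are assumptions for this example; confirm them against your own server's log before relying on them), then flags repeated failures per source address, successful logins from addresses outside a trusted network list, and addresses that failed and then succeeded. The sample log lines, the trusted network `10.0.0.0/8`, and the failure threshold are constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines approximating cPanel's login_log format
# (/usr/local/cpanel/logs/login_log). The format is an assumption for this
# example; verify against a real log line before using the regex in production.
SAMPLE_LOG = """\
[2024-05-01 08:00:01 +0000] info [cpaneld] 203.0.113.7 - admin "GET /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: bad pass
[2024-05-01 08:00:03 +0000] info [cpaneld] 203.0.113.7 - admin "GET /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: bad pass
[2024-05-01 08:00:05 +0000] info [cpaneld] 203.0.113.7 - admin "GET /login/?login_only=1 HTTP/1.1" FAILED LOGIN cpaneld: bad pass
[2024-05-01 08:00:09 +0000] info [cpaneld] 203.0.113.7 - admin "GET /login/?login_only=1 HTTP/1.1" NEW LOGIN cpaneld: (session token)
[2024-05-01 08:15:00 +0000] info [whostmgrd] 198.51.100.22 - root "GET /login/ HTTP/1.1" NEW LOGIN whostmgrd: (session token)
[2024-05-01 09:00:00 +0000] info [cpaneld] 10.0.0.5 - alice "GET /login/ HTTP/1.1" NEW LOGIN cpaneld: (session token)
"""

# Assumed line layout: [timestamp] level [service] ip - user "request" OUTCOME LOGIN ...
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \w+ \[(?P<service>\w+)\] (?P<ip>\S+) - (?P<user>\S+) '
    r'"(?P<request>[^"]*)" (?P<outcome>[A-Z]+ LOGIN)'
)


def parse_login_log(text):
    """Parse log text into event dicts. Non-matching lines are counted rather
    than dropped silently, so a format change does not hide activity."""
    events, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        events.append(m.groupdict())
    return events, skipped


def is_trusted(ip, trusted_networks):
    """True if ip falls inside any trusted network; unparsable ips are untrusted."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in trusted_networks)


def audit_logins(events, trusted_cidrs, fail_threshold=3):
    """Walk events in log order and collect three kinds of findings:
    - repeated_failures: ips reaching fail_threshold failed logins
    - success_from_unknown_ip: (ip, user, service) for successes outside trusted_cidrs
    - failure_then_success: ips that failed at least once and later succeeded
    """
    trusted = [ip_network(c) for c in trusted_cidrs]
    failures = Counter()
    had_failure = set()
    findings = {
        "repeated_failures": [],
        "success_from_unknown_ip": [],
        "failure_then_success": [],
    }
    for ev in events:
        ip = ev["ip"]
        if ev["outcome"] == "FAILED LOGIN":
            failures[ip] += 1
            had_failure.add(ip)
            if failures[ip] == fail_threshold:  # report once, when the threshold is hit
                findings["repeated_failures"].append(ip)
        elif ev["outcome"] == "NEW LOGIN":
            if not is_trusted(ip, trusted):
                findings["success_from_unknown_ip"].append((ip, ev["user"], ev["service"]))
            if ip in had_failure and ip not in findings["failure_then_success"]:
                findings["failure_then_success"].append(ip)
    return findings


if __name__ == "__main__":
    evs, skipped = parse_login_log(SAMPLE_LOG)
    print(f"parsed {len(evs)} events, skipped {skipped} unrecognised lines")
    for kind, items in audit_logins(evs, ["10.0.0.0/8"]).items():
        print(kind, items)
```

To run it against a live server, replace `SAMPLE_LOG` with the contents of the login log file and put the networks your administrators actually connect from in the trusted list; a successful administrative login from an address outside that list, with or without preceding failures, is the event worth investigating first after applying the patch.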

Hosting infrastructure requires immediate remediation to prevent the weaponization of legitimate websites for global phishing and malware distribution. #CodeDefence #cPanel #WebHosting #AuthenticationBypass