Security researchers have discovered a major security flaw in cPanel, a popular software suite used by web hosting companies to manage websites for their customers.
The bug, discovered by security researchers from Digital Defense, allows attackers to bypass two-factor authentication (2FA) for cPanel accounts.
These accounts are used by website owners to access and manage their websites and underlying server settings. Access to these accounts is critical, as once compromised, they grant threat actors full control over a victim’s site.
On its website, cPanel boasts that its software is currently used by hundreds of web hosting companies to manage more than 70 million domains across the world.
Source link