cPanel Vulnerability Disclosed

By on March 14, 2004, 5:50 AM
[COLOR=#1951B9]A vulnerability has been discovered in cPanel's WebHost Manager reseller control panel, which could be exploited to allow malicious users to run some commands as root (superuser).

The exploit affects a feature in WebHost Manager through which resellers can let their users retrieve lost or forgotten passwords via email. The setting, found in WebHost Manager in the "Tweak Settings" section, "is built into all compiled cPanel binaries and as such can not be patched," according to an advisory on the [URL=http://www.securityfocus.com/archive/1/357172/2004-03-09/2004-03-15/0]BugTraq mailing list[/URL], which includes instructions on addressing the vulnerability.[/COLOR]

Source: [URL=http://news.netcraft.com/archives/2004/03/12/cpanel_vulnerability_disclosed.html]Netcraft[/URL]

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.