The exploit affects a feature in WebHost Manager through which resellers can let their users retrieve lost or forgotten passwords via email. The setting, found in WebHost Manager in the "Tweak Settings" section, "is built into all compiled cPanel binaries and as such can not be patched," according to an advisory on the [URL=http://www.securityfocus.com/archive/1/357172/2004-03-09/2004-03-15/0]BugTraq mailing list[/URL], which includes instructions on addressing the vulnerability.[/COLOR]
Downloads and Drivers
From the Forums
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.