In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
References
Link | Resource |
---|---|
https://docs.cpanel.net/changelogs/90-change-log/ | Vendor Advisory |
https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/ | Vendor Advisory |
https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-27T01:34:24
Updated: 2020-12-14T17:09:59
Reserved: 2020-11-27T00:00:00
Link: CVE-2020-29136
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-27T02:15:11.033
Modified: 2022-04-26T16:34:25.037
Link: CVE-2020-29136
JSON object: View
Redhat Information
No data.
CWE