cPanel 2FA Bypass Exposes Tens of Millions of Websites to Hack ssn cvv, bloomingdales cc

Digital Defense, Inc., a leader in vulnerability and threat management solutions, announced that its Vulnerability Research Team (VRT) exposed a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform.
cPanel & WHM is a suite of tools built for Linux OS that enables hosting providers and users the ability to automate server management and web hosting tasks. The software suite is currently used to manage above 70 million domains across the globe.
The cPanel &WHM version (90.0 Build 5) exhibits a two-factor authentication bypass defect, susceptible to brute force attack.
“The two-factor authentication cPanel Security Policy did not prevent an attacker from repeatedly submitting two-factor authentication codes. This allowed an attacker to bypass the two-factor authentication check using brute force techniques.” reads a  security advisory  released by the company. 
This problem was addressed with the release of the following builds:
The Digital Defense, Vulnerability Research Team right away makes contact with the affected vendor to notify the organization of the new finding(s) and help out, wherever possible, with the vendor’s remediation actions.
“Our standard practice is to work in tandem with organizations on a coordinated disclosure effort to facilitate a prompt resolution to a vulnerability. We will continue outreach to customers ensuring they are aware and able to take action to mitigate any potential risk introduced by the vulnerability,” states Mike Cotton, senior vice president of engineering at Digital Defense.”
You can follow us on  Linkedin ,  Twitter ,  Facebook  for daily Cybersecurity and hacking news updates.
Also Read
Ensiko – A PHP Based Web Shell with Ransomware Capabilities Attacks PHP Installation
Hackers using weaponized TeamViewer to Attack & Gain Full Control of the Government Networks
ssn cvv bloomingdales cc