As of November 2020, researchers said that known attacks of this kind could be accomplished within minutes.
The issue came from a lack of rate limiting on 2FA during cPanel account logins, which made it possible for a hacker/opportunist to repeatedly submit 2FA codes in a brute-force approach that eventually bypasses the authentication check. The issue is tracked as “SEC-575” and was discovered by researchers from Digital Defense.
A two-factor authentication bypass hole in WHM cPanel security has been reported, affecting WHM resellers. cPanel, a software provider for managing web hosting/websites, has recently patched a security vulnerability that allowed hackers with valid credentials for a cPanel account on the server to bypass the two-factor authentication (2FA) protection on that account.
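One way to close the kind of gap described above, as an added example that is not cPanel's code or its actual fix: a second-factor check that counts failed codes per account and refuses further attempts for a window. The 6-digit TOTP, the names `TwoFactorGate` and `count_evaluated`, and the policy of 5 failures per 300 seconds are assumptions for illustration.

```python
import hashlib
import hmac
import struct
import time

MAX_FAILURES = 5       # assumed policy: failed codes tolerated per window
WINDOW_SECONDS = 300   # assumed policy: counting window, also the lockout length


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains `now`."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TwoFactorGate:
    """2FA check with failures tracked per account, not per session or source IP,
    so opening new sessions or rotating addresses does not reset the counter."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.failures = {}  # account -> timestamps of recent failed codes

    def verify(self, account: str, secret: bytes, submitted: str) -> str:
        now = self.clock()
        recent = [t for t in self.failures.get(account, []) if now - t < WINDOW_SECONDS]
        self.failures[account] = recent
        if len(recent) >= MAX_FAILURES:
            # Refuse before comparing, so a locked account gives no yes/no answer.
            return "locked"
        expected = totp(secret, now).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            self.failures.pop(account, None)
            return "ok"
        recent.append(now)
        return "denied"


def count_evaluated(gate, account, secret, codes):
    """Submit each code in turn; return how many the gate actually compared."""
    return sum(1 for code in codes if gate.verify(account, secret, code) != "locked")
```

With the limiter in place, 1000 consecutive wrong codes result in only 5 comparisons; without it, every submission would be checked against the valid code.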