Situation
It was found that SSL verification was not fully enforced in the DNS Cluster system, which could allow for a malicious server to man-in-the-middle the request and capture credentials. This affects cPanel & WHM versions 126 and higher.
Impact
We have pushed out a patch in the following cPanel & WHM versions:
- 11.126.0.59 and higher
- 11.130.0.23 and higher
- 11.132.0.32 and higher
- 11.134.0.26 and higher
- 11.136.0.10 and higher
We have pushed out a patch in the following WP Squared version:
- 11.136.1.12 and higher
Note: All further versions of cPanel are patched for this issue as well. Please see the latest changelogs for version information of each cPanel branch:
https://docs.cpanel.net/changelogs/
Call to Action
-
Update the cPanel version on the server to one of the versions listed above. This can be done with the following:
# /scripts/upcp --force
-
Once completed, verify the cPanel version with the following to ensure the update was successful.
# /usr/local/cpanel/cpanel -V
Additional Information
Additional security incidents are resolved in this latest release as well. Please see the following for more information:
Comments
0 comments
Article is closed for comments.