Verb Tampering Issue
Good afternoon,
First of all, sorry for possible mistakes in my communication.
My cPanel website has been tested by an audit company in order to gain a license for our business.
This test checks for different security vulnerabilities that a website or a server has.
Sadly the report was not successful. The weird thing is that the high risk issues appeared on the subdomain "webmail".
This subdomain is used in cPanel for accessing webmail.
The High Risk details are these:
===================================
References: Bypassing Web Authentication and Authorization with HTTP Verb Tampering
Affected items
Details / No details are available.
POST / HTTP/1.1
Cookie: webmailrelogin=no; webmailsession=%3aAfxTY3P1CSCi6H20_4Kt6ojyiSLUJci2WW8HWP2gnrh2cEOJOjjL0VYoj32xeHoT%2ca8b a84b5f287fd149c4fba97a79d4befc866004160b89a5bc970e73844df8208; session_locale=pl
Host: webmail.panasonicproclub.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement:
Accept: */*
=================================
They are the same, because going to Webmail on cPanel is the same if you put nothing or if you add /login.
Any ideas whether there really are Verb Tampering problems on the Webmail login access?
Is there a way to fix it, or to demonstrate that cPanel is secure in this task to show it to my business?
The cPanel version actually is WHM 11.42.0 (build 22)
And the server is CentOS 6.5.
Thanks in advance.
-
Go into WHM -> Tweak Settings and disable Proxy Domains. 0 -
Hello :) Yes, disabling the proxy subdomains feature should address this issue as indicated in the previous post. Let us know if that helps. Thanks. 0
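One way to re-check the scanner's finding before and after changing the setting, as an added example that is not part of the original thread and not cPanel's or Acunetix's code: it sends one unauthenticated request per HTTP method to a protected URL on your own server and lists the methods that succeed while GET is denied. The method list, the status-code grouping, the function names and the constructed sample results are assumptions made for this example.

```python
import http.client
from urllib.parse import urlsplit

# Methods compared against the GET baseline (list chosen for this example).
METHODS = ("GET", "POST", "HEAD", "PUT", "DELETE")
# Statuses treated as "access denied": login redirect or explicit refusal (assumption).
DENIED = {301, 302, 303, 307, 401, 403}

def probe(url, methods=METHODS, timeout=10):
    """Send one request per method with no cookies or credentials.

    Returns {method: HTTP status}. Run it only against a server you administer.
    """
    parts = urlsplit(url)
    https = parts.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    results = {}
    for method in methods:
        conn = conn_cls(parts.netloc, timeout=timeout)
        try:
            conn.request(method, parts.path or "/")
            resp = conn.getresponse()
            results[method] = resp.status
            resp.read()  # drain the body so the connection closes cleanly
        finally:
            conn.close()
    return results

def inconsistent_methods(results, baseline="GET"):
    """Methods answered with 2xx although the baseline method was denied.

    An empty list means access control was applied uniformly, or the baseline
    itself is not protected, in which case there is nothing to compare.
    """
    if results.get(baseline) not in DENIED:
        return []
    return sorted(m for m, s in results.items()
                  if m != baseline and 200 <= s < 300)

# Constructed sample results, not taken from the audit report.
SAMPLE_VULNERABLE = {"GET": 401, "POST": 200, "HEAD": 401, "PUT": 200, "DELETE": 405}
SAMPLE_CONSISTENT = {"GET": 302, "POST": 302, "HEAD": 302, "PUT": 405, "DELETE": 405}

if __name__ == "__main__":
    print("vulnerable sample:", inconsistent_methods(SAMPLE_VULNERABLE))
    print("consistent sample:", inconsistent_methods(SAMPLE_CONSISTENT))
    # Live use, with a placeholder URL: inconsistent_methods(probe("https://webmail.example.com/"))
```

A method reported here still needs a manual look at the response body, since a 2xx that only returns the login form is not a bypass.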