#VU4863 Weak password in cPanel

Cybersecurity Help s.r.o.

Published: 2017-01-18

Vulnerability identifier: #VU4863

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: N/A

CWE-ID: CWE-521

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
cPanel
Web applications / Remote management & hosting panels

Vendor: cPanel, Inc

Description

The vulnerability allows a remote attacker to gain unauthorized access to database.

The Munin monitoring tool includes a plugin to check the status of the MySQL service. This plugin used a dedicated test MySQL user to provide this functionality. The password set for this user was identical to the username. In cPanel’s current configuration of Munin, this MySQL user is no longer required and has been removed.

Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to MySQL database.

Mitigation
This issue is resolved in the following builds:
62.0.4
60.0.35
58.0.43
56.0.43
54.0.36

Vulnerable software versions

cPanel: 11.54.0.0 - 11.62.0.2

External links
https://news.cpanel.com/tsr-2017-0001-full-disclosure/ (SEC-196)

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in cPanel