WHMPHP - Insecure Credential Storage Vulnerability (R911-0069)
Posted by Steven, 09-18-2013, 04:17 PM

Product Description: WHMPHP is a control panel developed for creating Master Resellers and Resellers. With the Master Reseller privilege, a reseller can resell reseller accounts, control the reseller quotas, assign private name servers, suspend, unsuspend, as well as terminate resellers.

Vulnerability Description: There is a fundamental failure in how WHMPHP operates that allows any user on the server, regardless if they are master resellers or not, to view the root access hash that would ultimately allow an attacker the ability to perform any function as root.

Proof of Concept: Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact: We have deemed this vulnerability to be rated as HIGH due to the fact that a normal user can perform any tasks as root.

Vulnerable Version: This vulnerability was tested against WHMPHP v6.4 and is believed to exist in all prior versions.

Fixed Version: This vulnerability was patched in WHMPHP 6.5.

Vendor Contact Timeline:
2013-05-23: Vendor contacted via email.
2013-05-25: Vendor confirms vulnerability.
2013-08-31: Vendor issues update.
2013-09-18: Rack911 issues security advisory.

Posted by Patrick, 09-18-2013, 04:30 PM

It should be known that this vulnerability took a little over 3 months to be patched which we felt was unacceptable. We were led to believe that the software was being totally overhauled, which was not the case and it was "bandaid" fixed, which we were able to quickly defeat. We gave the vendor a week time frame to produce a correct fix and the developer was able to complete a real fix under the strict time frame.