Critical Authentication Vulnerability on cPanel/WHM
Incident
Report for Liquid Web - Services
Subscribe to Updates
Update
Update: cPanel patch implemented.
We have deployed cPanel’s latest patch across eligible servers.
cPanel versions:
TIER 11.110 WAS: 11.110.0.96 NOW: 11.110.0.97
TIER 11.118 WAS: 11.118.0.61 NOW: 11.118.0.63
TIER 11.126 WAS: 11.126.0.53 NOW: 11.126.0.54
TIER 11.132 WAS: 11.132.0.27 NOW: 11.132.0.29
TIER 11.134 WAS: 11.134.0.19 NOW: 11.134.0.20
TIER 11.136 WAS: 11.136.0.4. NOW: 11.136.0.5
We are currently evaluating servers that failed to update (or had pre-existing update blockers), and we will be sending further updates as soon as more information is available. Network-level firewall blocks for cPanel, WHM, webmail, and webdisk ports remain in place at this time.
We appreciate your continued patience as we complete these actions to restore full service. If you have any questions in the meantime, please contact us for assistance.
We have deployed cPanel’s latest patch across eligible servers.
cPanel versions:
TIER 11.110 WAS: 11.110.0.96 NOW: 11.110.0.97
TIER 11.118 WAS: 11.118.0.61 NOW: 11.118.0.63
TIER 11.126 WAS: 11.126.0.53 NOW: 11.126.0.54
TIER 11.132 WAS: 11.132.0.27 NOW: 11.132.0.29
TIER 11.134 WAS: 11.134.0.19 NOW: 11.134.0.20
TIER 11.136 WAS: 11.136.0.4. NOW: 11.136.0.5
We are currently evaluating servers that failed to update (or had pre-existing update blockers), and we will be sending further updates as soon as more information is available. Network-level firewall blocks for cPanel, WHM, webmail, and webdisk ports remain in place at this time.
We appreciate your continued patience as we complete these actions to restore full service. If you have any questions in the meantime, please contact us for assistance.
Identified
Update: cPanel Patch Deployment Underway
cPanel has released a patch to address the authentication vulnerability that was identified today. Our engineers are currently working on deploying this patch across eligible cPanel services.
Once the patch is successfully applied, we will take the following actions:
Remove the network-level firewall blocks:
cPanel: 2082 / 2083
WHM: 2086 / 2087
Webmail: 2095 / 2096
Web Disk: 2077 / 2078
More information from cPanel is available here: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication
We appreciate your continued patience as we complete these actions to restore full service. If you have any questions in the meantime, please contact us for assistance.
cPanel has released a patch to address the authentication vulnerability that was identified today. Our engineers are currently working on deploying this patch across eligible cPanel services.
Once the patch is successfully applied, we will take the following actions:
Remove the network-level firewall blocks:
cPanel: 2082 / 2083
WHM: 2086 / 2087
Webmail: 2095 / 2096
Web Disk: 2077 / 2078
More information from cPanel is available here: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication
We appreciate your continued patience as we complete these actions to restore full service. If you have any questions in the meantime, please contact us for assistance.
Update
cPanel has disclosed that the additional cPanel-provided services Webmail and Web Disk are impacted by this vulnerability.
Out of an abundance of caution, and based on cPanel’s current recommendation, we are implementing temporary protective changes on servers hosted on our network.
Temporary changes being implemented:
-Blocking access to ports related to cPanel services:
WHM: 2082 / 2083
cPanel: 2086 / 2087
Webmail: 2096 / 2097
Web Disk: 2077 / 2078
-Temporarily disabling cpsrvd, which is the web wrapper for cPanel web services.As a result, cPanel, WHM, Webmail, Web Disk, and related cPanel services will be inaccessible, including over Cloud VPN connections.
These changes do not impact websites, email delivery, databases, or Apache functionality.
Customers who normally access email through Webmail can still access email by using a mail client. Setup instructions are available here:
https://www.liquidweb.com/help-docs/email/mail-clients/setup-an-email-client/
These temporary restrictions will be reverted as soon as cPanel releases a patch addressing the critical vulnerabilities.
Additional information from cPanel is available here:
https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication
If you have further questions or need assistance, please contact our Support team.
Out of an abundance of caution, and based on cPanel’s current recommendation, we are implementing temporary protective changes on servers hosted on our network.
Temporary changes being implemented:
-Blocking access to ports related to cPanel services:
WHM: 2082 / 2083
cPanel: 2086 / 2087
Webmail: 2096 / 2097
Web Disk: 2077 / 2078
-Temporarily disabling cpsrvd, which is the web wrapper for cPanel web services.As a result, cPanel, WHM, Webmail, Web Disk, and related cPanel services will be inaccessible, including over Cloud VPN connections.
These changes do not impact websites, email delivery, databases, or Apache functionality.
Customers who normally access email through Webmail can still access email by using a mail client. Setup instructions are available here:
https://www.liquidweb.com/help-docs/email/mail-clients/setup-an-email-client/
These temporary restrictions will be reverted as soon as cPanel releases a patch addressing the critical vulnerabilities.
Additional information from cPanel is available here:
https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication
If you have further questions or need assistance, please contact our Support team.
Update
A brief configuration issue in our Ashburn (NTT) data center caused an un-intended disruption to outbound network traffic. Customers with servers in this location may have experienced intermittent connectivity or downtime lasting approximately 10 minutes. Our team quickly identified and corrected the issue. All services have since been restored and are functioning normally.
We continue to restrict access to cPanel/WHM interfaces on ports 2082, 2083, 2086, and 2087 across our data centers until a patch is released by cPanel.
If you need assistance with any cPanel/WHM items please reach out to support through live chat or a ticket.
We will provide additional updates to this status page as more information is made available.
We continue to restrict access to cPanel/WHM interfaces on ports 2082, 2083, 2086, and 2087 across our data centers until a patch is released by cPanel.
If you need assistance with any cPanel/WHM items please reach out to support through live chat or a ticket.
We will provide additional updates to this status page as more information is made available.
Investigating
We are actively responding to a critical vulnerability affecting all versions of cPanel & WHM. This vulnerability impacts the authentication process and could allow unauthorized access if left unmitigated.
More information from cPanel is available here: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication
Our team is working alongside vendor guidance and implementing proactive safeguards to protect environments.
As an immediate precaution, we have temporarily restricted access to cPanel/WHM interfaces on the following ports 2082, 2083, 2086, and 2087. Restricted access will remain in place until a patch is developed and deployed. This action is being taken to prevent potential unauthorized access while a permanent fix is finalized.
Impact:
-Restricting access to cPanel/WHM Ports via a network firewall block. During this time customers will not be able to login to either WHM or cPanel unless they use a Cloud VPN Connection.
-No impact to hosted websites, applications, email or services.
We are closely monitoring the official patch release from cPanel and will deploy it as quickly as possible. Once mitigations are no longer required, normal access will be restored.
Until a patch is released by cPanel customers will need to utilize a Cloud VPN connection to access WHM or cPanel, or reach out to support via live chat or ticket for assistance WHM or cPanel assistance. Instructions on how to create a Cloud VPN user can be found here: https://www.liquidweb.com/help-docs/portal/account/account-security/setting-up-your-cloud-vpn/
If you require access to cPanel and WHM please feel free to reach out to us via chat or open up a support ticket with your request and we will be happy to assist you.
No additional action is required at this time. We will provide additional updates to this status page as more information is made available.
More information from cPanel is available here: https://support.cpanel.net/hc/en-us/articles/40073787579671-Critical-Vulnerability-with-cPanel-WHM-Login-Authentication
Our team is working alongside vendor guidance and implementing proactive safeguards to protect environments.
As an immediate precaution, we have temporarily restricted access to cPanel/WHM interfaces on the following ports 2082, 2083, 2086, and 2087. Restricted access will remain in place until a patch is developed and deployed. This action is being taken to prevent potential unauthorized access while a permanent fix is finalized.
Impact:
-Restricting access to cPanel/WHM Ports via a network firewall block. During this time customers will not be able to login to either WHM or cPanel unless they use a Cloud VPN Connection.
-No impact to hosted websites, applications, email or services.
We are closely monitoring the official patch release from cPanel and will deploy it as quickly as possible. Once mitigations are no longer required, normal access will be restored.
Until a patch is released by cPanel customers will need to utilize a Cloud VPN connection to access WHM or cPanel, or reach out to support via live chat or ticket for assistance WHM or cPanel assistance. Instructions on how to create a Cloud VPN user can be found here: https://www.liquidweb.com/help-docs/portal/account/account-security/setting-up-your-cloud-vpn/
If you require access to cPanel and WHM please feel free to reach out to us via chat or open up a support ticket with your request and we will be happy to assist you.
No additional action is required at this time. We will provide additional updates to this status page as more information is made available.
This incident affects: CPanel.