The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: 2-Factor Authentication

CISA Adds Single-Factor Authentication to the List of Bad Practices

CISA Adds Single-Factor Authentication to the List of Bad Practices

August 30, 2021Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday  added  single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattacks. Single-factor authentication is a  method  of signing in users to websites and remote systems by using only one way of verifying their identity, typically a combination of username and password. It's considered to be of low-security, since it heavily relies on "matching one factor — such as a password — to a username to gain access to a system." But with weak, reused, and common passwords posing a grave threat and emerging a lucrative attack vector, the use of single-factor authentication can lead to unnecessary risk of compromise and increase the possibility of account takeover by cybercriminals. With the latest development, the  list of bad practices  now e
2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

November 24, 2020Ravie Lakshmanan
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from  Digital Defense , has been remedied by the company in versions 11.92.0.2, 11.90.0.17, and 11.86.0.32 of the software. cPanel and WHM (Web Host Manager) offers a Linux-based control panel for users to handle website and server management, including tasks such as adding sub-domains and performing system and control panel maintenance. To date, over  70 million domains  have been launched on servers using cPanel's software suite. The issue stemmed from a lack of rate-limiting during 2FA during logins, thus making it possible for a malicious party to repeatedly submit 2FA codes using a brute-force approach and circumvent the authentication check. Digital D
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.