This would really only affect regular users, and it would only affect their one account. If they clicked a bad link, it could do something they didn't intend to their account. Since it would only affect the one account, it wouldn't do much. People set terrible passwords and get their accounts hacked all the time, and that gives the hacker full control over their account. Clicking a strange link would give even less access than that, probably. A bigger concern would be if a root admin with access to WHM clicked a suspicious link, but there are only 4 of us and I hope we're all smart enough not to click WHM links from someone we don't know. Only about 10 out of 5000 accounts even use two-factor authentication. It seems like most people wouldn't even care about this one. We don't even use this. We use a custom command-line script that I wrote to transfer accounts that definitely isn't vulnerable to HTML injection. The brute force on two-factor authentication is a little concerning for the few people that actually use it, but like I said, it definitely doesn't affect many. I have some other reasons to update cPanel on Tommy before too long, so this will probably get fixed soon enough.