Hackers Say 'Sorry' After Exploiting Critical CPanel Flaw

Summary

Hackers are leaving a peculiar message, 'sorry,' in their wake following the exploitation of a critical vulnerability in CPanel, a web hosting control panel. This flaw allows attackers to bypass authentication and gain root access to servers. The vulnerability stems from improper input sanitization in CPanel's session management. Attackers can inject malicious data, such as 'has root=1', by exploiting a weakness related to newline characters, specifically using a carriage return line feed. This allows them to overwrite session data and gain unauthorized privileges. The flaw affects both CPanel and WHM, with an estimated 44,000 IP addresses exposed to the internet potentially at risk. Security researchers discovered the exploit, noting that AI may have assisted in its identification. This vulnerability has been actively exploited by ransomware groups, according to cybersecurity advisories. While CPanel is a widely used tool for managing web applications, this incident highlights the persistent challenges in securing authentication mechanisms, even after decades of development. The vulnerability is a logic flaw, not a memory safety issue, and would not be directly fixed by languages like Rust.