Cpanel Exposed

Description

During the scan, Kayran has managed to find that the administrator’s login page is accessible through any IP address.

An attacker could exploit this finding to perform BruteForce attacks against users. He can also use it to create similar phishing pages, confusing users and more.

Recommendation

Define and restrict access which IP addresses are allowed to access the administrator’s login page.
Remember, only authorized personal should have access to this page, block access to anyone other than them.

References

https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/05-Enumerate_Infrastructure_and_Application_Admin_Interfaces

< Return to all Vulnerabilities

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

Read More »