CVE-2020-29136

MEDIUM

cPanel < 11.86.0.32 - Two-Factor Authentication Bypass via Brute-Force Attack

Title source: llm
STIX 2.1

Description

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://docs.cpanel.net/changelogs/90-change-log/

Scores

CVSS v3 6.5
EPSS 0.0024
EPSS Percentile 47.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-307
Status published
Products (1)
cpanel/cpanel < 11.86.0.32
Published Nov 27, 2020
Tracked Since Feb 18, 2026