cPanel has address customer security concerns around the security model used by the transfer and backup restore system. According to the blog post, their restore system is limited to the root user and recommends that you do not restore data from untrusted sources. Its warnings, however, have been an inadequate as it discourages the restoration of account backup packages.

cPanel says that the restoration of account backup packages from unknown sources is a more common practice than they have envisioned it.

cPanel should have caught this issues but the issue isn’t fixed yet. It may also be possible that they have not have address the issue at all if not for Rack911 who posted about the security flaw.


Read the rest of the post here:

Shares 0