Our features site is undergoing a refresh! Be sure to explore the revamped site and discover our latest product roadmap launching here on Monday, March 18th.
New Topic
cPanel & WHM Feature RequestsTopicSecurity
Properties
Category Security

Improve handling of security issues

Monarobase shared this idea 2 years ago
Needs Review

As a web-hosting provider, I would like cPanel to notify its customers when there is a security issue that requires a feature to be disabled and also fix known security issues faster, so that cPanel servers don't get hacked.


The recent security issue with Horde has been very poorly managed by cPanel, and I would like cPanel to improve the way they manage such security issues.


The current timeline for the horde security issue is


https://support.cpanel.net/hc/en-us/articles/6483941705239-CVE-2022-30287-RCE-Vulnerability-reportedly-discovered-in-horde-


31/05/2022 (26 days ago) CVE-2022-30287 was publicly announced in a blog post by the security researcher

10/06/2022 (15 days ago ) cPanel aknoleges the security issue publicly here without informing their customers by any other means : https://support.cpanel.net/hc/en-us/articles/6483941705239-CVE-2022-30287-RCE-Vulnerability-reportedly-discovered-in-horde- 12/06/2022 (12 days ago) Horde releases Turba 4.2.28 to fix these issues

16/06/2022 (9 days ago) Plesk releases an updated version of Horde

25/06/2022 (today) cPanel has still not informed their customers by e-mail or within the WHM interface that they need to disable horde. cPanel also hasn't provided an ETA to updating horde.


and has not released a fix for this issue. cPanel's support say they do not have access to an ETA.


What should have happened :


cPanel should have detected the security issue earlier and determined the current workaround (disable horde) within 48 hours.

cPanel should have informed their customers that they need to disable horde within a few days.

cPanel should have released a fixed version with 5 days at least to their edge branch


We would like cPanel to add a message to WHM when logging in as root user when a security issue requires their intervention, we would also like cPanel to create a security mailing list to which sysadmins can subscribe to be notified about security issues.


We would also like cPanel to improve the speed at which cPanel resolves security issues and also provide ETAs for releasing security fixes when they are publicly known.

2 I like this idea 0  
Leave a Comment
 
Attach a file

cPanel, WebHost Manager and WHM are registered trademarks of cPanel, L.L.C. for providing its computer software that facilitates the management and configuration of Internet web servers.