There’s no doubt that the ubiquitous “forgot your password?” feature has helped many users who’ve misplaced their password or otherwise forgotten it, however—the tradeoff is that it can result in bugs that help bad actors.

As demonstrated in this article, an attacker can use cPanel’s “forgot your password?” feature to reset a user password and obtain further access to an already compromised website.

Malicious File Used to Access Hosting Environment

One of our analysts discovered a malicious file on a compromised website’s hosting environment.

Continue reading An Indirect Way to Change cPanel Passwords at Sucuri Blog.

Via Sucuri.net