Improper Output Neutralization for Logs in cPanel - #VU98793
Published: October 17, 2024
cPanel
Detailed vulnerability description
The vulnerability allows a remote attacker to alter information in the log file.
the vulnerability exists due to incorrect processing certain encodings in the cPanel login_log. A remote attacker can craft the username for a failed login attempt so that it would create a confusing multi-line log entry in the login_log. This entry could make it appear that a user successfully logged into the server even though it was just an entry from a failed login attempt.