cPanel – Account Transfer Insecure File Permissions (R911-0051)

Type: Insecure File Permissions
Location: Local
Impact: Medium
Product: cPanel
Vulnerable Version: All versions prior to the fixed builds below.
Fixed Version:,,, &
CVE: -
R911: 0051
Date: 2013-08-29
By: Rack911

Product Description:

cPanel is an easy-to-use control panel that gives web hosts and the website owners they serve, the ability to quickly and easily manage their servers and websites. Web Host Manager (WHM) is a part of the cPanel software, often used by resellers and system administrators.

Vulnerability Description:

When an account is being transferred over from a remote erver, it is temporarily stored under the /home directory with 644 file persmissions that could allow an attacker to make a copy of it thus obtaining data belonging to the other account.

It would be trivial for an attacker to run a cron job that looks for a certain process running that divulges the username of an account currently being transferred over to automate the whole process of stealing the data.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.


We have deemed this vulnerability to be rated as MEDIUM due to the fact that any transferred account can have it’s data stolen.

Vulnerable Version:

This vulnerability was tested against cPanel and is believed to exist in all versions prior to the fixed builds below.

Fixed Version:

This vulnerability was patched in cPanel,,, &

Vendor Contact Timeline:

2013-07-17: Vendor contacted via email.
2013-08-27: Vendor confirms vulnerability.
2013-08-27: Vendor issues updates to all builds.
2013-08-29: Rack911 issues security advisory.