Password hashes truncated by 0x80 characters
cPanel has assigned a Security Level of “Moderate” to this vulnerability.
cPanel & WHM relies on the Crypt::Passwd::XS Perl module to perform password hashing. This module suffers from the same vulnerability disclosed in CVE-2012-2143 where passwords with the 0x80 character are truncated when hashed using the DES crypt algorithm. cPanel & WHM systems are configured by default to use the stronger MD5 and SHA512 crypt password hashing algorithms.
This vulnerability was discovered by the cPanel Quality Assurance Team.
This issue is resolved in the following builds:
* 188.8.131.52 and greater
* 184.108.40.206 and greater
* 220.127.116.11 and greater
Please update your cPanel & WHM system to one of the aforementioned versions or the latest public release available. A full listing of published versions can always be found at http://httpupdate.cpanel.net/.