Security Vulnerability: Web Socket external attack

patdevs

Recently, I have received few advertisement from social media which hacker or attacker take the aaPanel web socket loop hole to attack those servers are installed aaPanel.
Please take this seriously and patch the vulnerability as soon as possible, it might affect those servers are currently running aaPanel.
The vulnerable link: https://ssd-disclosure.com/ssd-advisory-aapanel-cswh-to-rce/
Thanks.

aaPanel_Captain

Tomorrow we will make a check

aaPanel_Captain

Thanks for the feedback, We will fix it in the next version

aaP_kotakomputer.ceo

HOW TO PREVENT THIS VULNERABILITY !!!

At least we can disable Terminal while you fix in the next version. So to delete aaPanel access to Terminal:

# rm /root/.ssh/* rm: remove regular file ‘/root/.ssh/authorized_keys’? y rm: remove regular file ‘/root/.ssh/id_rsa’? y rm: remove regular file ‘/root/.ssh/id_rsa.pub’? y #

Now try to access Terminal, then Password Warning appear, don't enter the password! Wait until aaPanel Developer fix it!

patdevs

@aaPanel_Captain @aaPanel_Jose may we know the ETA time for this fix?
Because this vulnerability has put our servers at dangerous level.