In cPanel prior to 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).
cpanel cpanel