CSRF Flaw Allowed Attackers to Hijack GoDaddy Domains

Posted by EM MAJ_COM On Wednesday, January 21, 2015
Internet domain registrar GoDaddy has rushed to fix a cross-site request forgery (CSRF) vulnerability that could have been leveraged by malicious actors to take over domains.

The flaw was identified on January 17 by New York-based security engineer Dylan Saccomanni while managing a domain. The expert realized that the company had not implemented any CSRF protections for many DNS management actions.

According to the researcher, an attacker could have exploited the vulnerability to edit nameservers, edit the zone file, and modify automatic renewal settings. 

Saccomanni has published proof-of-concept code for editing nameservers, disabling the auto-renew feature, and editing DNS records.

Continue reading at http://www.securityweek.com/csrf-flaw-allowed-attackers-hijack-godaddy-domains

Related Posts :



0 Response to "CSRF Flaw Allowed Attackers to Hijack GoDaddy Domains"

Post a Comment

First things first: Connect through one of the following social media tools below:
Enter your email address:
Subscribe to KING.NET by Email http://www.twitter.com/kingnet
http://www.randompage.com/profile/king
Moscom.com Web Hosting 24x7 Phone Support. The ultimate in performance, control, and convenience.

Get a Free Bitcoin

NeedName.com - Domain Name Registration and DNS Management.
Breeder.co - All about Pets.
Pet By OWner.
Moscom.com Web Hosting, SSL, Email, DomainName, and Dedicated Server.
For Ad Campaign, please send email to Support[@]Whaddya.com. Thank you.