Skip navigation
Menu
GoDaddy Patches Vulnerability That Could Allow Hackers to Hijack Customer Domains
(Photo: TechCrunch)
Shared

GoDaddy Patches Vulnerability That Could Allow Hackers to Hijack Customer Domains

Vulnerability was discovered by independent security engineer and fixed within 48 hours.

logo-WHIR

This article originally appeared at The WHIR

A vulnerability that could allow GoDaddy customer domains to be taken over has been patched. The vulnerability was discovered by independent security engineer Dylan Saccomanni on Saturday, and fixed within 48 hours.

Saccomanni published a post on Sunday detailing the vulnerability. This vulnerability means that if an attacker successfully lured a GoDaddy customer to a site hosting an attack, the attacker could edit nameservers or change other DNS management settings, and take over the site.

After discovering the vulnerability, Saccomanni made a series of attempts to notify GoDaddy. Finding that he could not reach GoDaddy through a couple of email addresses typically monitored within the industry, and that Google searches and phoning support did not provide the contact he was looking for, Saccomanni reached the company publicly through Twitter.

Cross-site request forgery, or CSRF, is characterized by Threatpost as “a chronic web application vulnerability,” and Saccomanni told Threatpost that it wouldn’t be difficult to exploit.

“A user could have a domain de facto taken over in several ways. If nameservers are changed, an attacker changes the domain’s nameservers (which dictates what server has control of DNS settings for that domain) over to his own nameservers, immediately having full and complete control,” Saccomanni said. “If DNS settings are changed, he simply points the victim’s domain towards an IP address under his control. If the auto-renew function is changed, the attacker will try to rely on a user forgetting to renew their domain purchase for a relatively high-profile domain, then buy it as soon as it expires.”

Saccomanni expressed frustration at the challenges he had reaching GoDaddy, and that they would not let him speak directly to a security engineer.

Microsoft and Google have accused each other of self-serving security policiesfollowing Google’s publication of a zero-day Windows vulnerability, after Microsoft requested they delay the disclosure, and before it was patched.

The WHIR contacted GoDaddy for comment but had not heard back as of publication.

This article originally appeared at: http://www.thewhir.com/web-hosting-news/godaddy-patches-vulnerability-allow-hackers-hijack-customer-domains

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Thinkstock Photos
Microsoft-Backed Security Startups Outsmart Hackers with Hackers
Jul 13, 2017
Verizon
Millions of Verizon Customer Records Exposed through Open Amazon S3 Bucket
Jul 13, 2017
Microsoft
Azure Stack to Ship in September; Hardware on Sale Starting Today
Jul 11, 2017
Beneath Red Hat’s and Oracle’s Earnings Reports
Beneath Red Hat’s and Oracle’s Earnings Reports
Jun 26, 2017