| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3F730884.8010100@solo.net> From: newsfeed at solo.net (SoloNet Newsfeed) Subject: Verisign Login Hijacking I recently received an e-mail from a customer I deal with who needed some technical assistance with a domain hosted on Verisign. He included his login and password, which was useful, but what threw me for a loop was the URL from his session which he included. I clicked on it, just out of morbid curiocity, and voila, no login required... I got in to the page where I could change DNS redirects, ownership, and even credit/billing information. I did the requested DNS server changes, but if I was malicious, I could have done much, much more. Given the coverage of the past few years of the SEX.COM debate, I find this thype of poor security and agregious programming even more relevant given Verisign's obnoxious attitude towards the Internet community of late. Simply putting a sniffer on a net segment and capturing the URL can prove invaluable with possibly exploiting the error. The example format that Verisign uses whch allows for login-less access to the account administration (which, back in the good old days, required e-mail verification, Crypt-PW or even PGP, makes this laughable) Enjoy folks, here's your example URL: https://www.networksolutions.com/en_US/manage-it/domain-detail.jhtml;jsessionid=XXXXXXXXXXXXXXXXXXXXXXX?accountId=11111111&instanceId=AA.B.22222222&home=true&_requestid=33333
Powered by blists - more mailing lists