Researcher Dylan Saccomanni reported discovery of a vulnerability in the DNS settings of the webpage of the largest registrar GoDaddy. According to him, the webpage was vulnerable to the Сross Site Request Forgery. The attack involves creation of forged pages. In case a user visits them, requests are sent to other pages on their behalf, where he/she is authorized at the moment.
Saccomanni paid attention to exactly this lack of protection from these kind of false requests. He notes that this vulnerability opened wide opportunities for hackers to appropriate other domains: for example, by changing the name of the DNS server, DNS settings or settings of automatic update. The result in all those cases would be the same: domain registered through GoDaddy sooner or later the would transfer under hackers’ control.
The vulnerability was fixed in 48 hours after the researcher reported it to the GoDaddy. However, Saccomanni laments that he had to spend a lot of time and effort to reach out to GoDaddy. “The reply that I received from customer support was that 1. the security email address isn’t being actively monitored for incoming email and 2. thanking me for the feedback, but there was no timeline for a fix,” Dylan Saccomanni said. “I wish I could give you a security contact because I wish I got one myself, but they didn’t even allow me to try and speak with a security engineer directly, which is a vastly disappointing security posture for a large domain registrar.”
