Hackers could have used CSRF at GoDaddy to mess with your domains.
A security expert reported that a Cross-Site Request Forgery (CRSF) vulnerability at GoDaddy, allowed third parties to potentially edit and manipulate domain records arbitrarily.
“While I was managing an old domain in GoDaddy, I noticed that there was absolutely no cross-site request forgery protection at all on many GoDaddy DNS management actions, which are state-changing POST requests (no CSRF token in request body or headers, and no enforcement of Referer or Content-Type). In fact, you could edit nameservers, change auto-renew settings and edit the zone file entirely without any CSRF protection in the request body or headers.”
After reporting the flaw to GoDaddy on January 17th, the biggest domain registrar in the world implemented CSRF protection for sensitive account actions yesterday.
The CRSF vulnerability would allow for the effective hijacking of a domain’s records.
The security expert, New York-based security engineer Dylan Saccomanni should be commended for his actions of informing GoDaddy about this important security flaw.
There is no information, currently, whether this security flaw was utilized “in the wild” in order to modify or steal domain names registered at GoDaddy.
For more information on the incident, click here.
