Security researcher Henry Hoggard has discovered a cross site request forgery(CSRF) vulnerability in the Namecheap website that could lead attackers to hijack the DNS records.
Namecheap’s DNS setup page was vulnerable to Cross Site Request Forgery, allowing attackers to set custom DNS servers for a target domain.
The researcher announced this vulnerability on their Blog. Which would let attackers hijack the DNS records and display a fake website on the target domain. Or redirect MX records and intercept email.
Hoggard said, This would have impacted all customers, which I’m sure is a lot of high profile websites, as Namecheap is one of the most popular domain registrars.
Namecheap implemented the vulnerability fix on their end. No user interaction is required to apply the patch.
Namecheap’s DNS setup page was vulnerable to Cross Site Request Forgery, allowing attackers to set custom DNS servers for a target domain.
The researcher announced this vulnerability on their Blog. Which would let attackers hijack the DNS records and display a fake website on the target domain. Or redirect MX records and intercept email.
Hoggard said, This would have impacted all customers, which I’m sure is a lot of high profile websites, as Namecheap is one of the most popular domain registrars.
Namecheap implemented the vulnerability fix on their end. No user interaction is required to apply the patch.
No comments:
Post a Comment