Critical WHOIS Vulnerability Exposed: Security Researcher Manipulates Certificate Authority Emails 🕵️‍♂️

TheJoker · September 12, 2024, 6:04pm

Summary:

Discovery of Vulnerability
Security researcher Benjamin Harris revealed a critical flaw in the WHOIS system by registering an expired domain used by .mobi’s authoritative WHOIS server, gaining unauthorized access to sensitive data.
Rogue Server Exploit
The rogue WHOIS server received millions of queries and allowed Harris to control email addresses used by certificate authorities, such as GlobalSign, for domain verification processes.
Ethical Considerations
Harris halted further testing to avoid unethical consequences, highlighting systemic weaknesses in WHOIS client configurations and broader internet infrastructure management.

Read more at: Ars Technica

Topic	Replies	Views
Crooks Exploit Google's Email Verification to Access Third-Party Services 🔒 News & Articles hacking	101	July 27, 2024
Attackers Target Zimbra Servers: Critical Vulnerability Exploited via CC'd Emails! ⚠️ News & Articles hacking , email	62	October 3, 2024
Internet Archive Users Get Emails from Hackers Criticizing Unfixed Security Flaw! 📧 News & Articles hacking	95	October 22, 2024
🌐 Mac and Windows Users Infected By Software Updates Delivered Over Hacked ISP News & Articles hacking	129	August 7, 2024
Kia's Web Portal Bug: Researchers Can Track and Hack Your Car! 🚗 News & Articles tools , hacking	77	September 28, 2024