Flaws in Tonga’s top-level domain left Google, Amazon, Tether web services vulnerable to takeover.
Attackers could have modified the nameservers of any domain under Tonga’s country code top-level domain (ccTLD) due to a vulnerability in the TLD registrar’s website, security researchers have revealed.
With a Google search for ‘.to’ pages yielding nearly 513 million results, the flaw gave potential miscreants countless possible targets for a variety of large-scale attacks.
Fortunately, malicious exploitation was averted because the Tonga Network Information Center (Tonic) was “very responsive” in fixing the bug in under 24 hours after web security firm Palisade alerted them on October 8, 2021, a Palisade blog post reveals.
Rerouting traffic
Sam Curry and other Palisade researchers discovered an SQL injection vulnerability on the registrar website, abuse of which could enable attackers to obtain the plaintext DNS master passwords for .to domains. Once logged in, they could overwrite these domains’ DNS settings and reroute traffic to their own website.
The attacker could then steal cookies and local browser storage and therefore access victim sessions, among other attacks.