More bugs at Enom: Hijacking .uk domains with eNom

[Kate]

Hijacking .uk domains with eNom

Vulnerability & description
Update: eNom have disabled inter-account .uk transfers as of 2017-09-02 which mitigates this issue. Inter-account .uk transfers are no longer vulnerable as they are no longer possible without manual assistance from eNom. The details below are for reference only.

eNom allows zero-confirmation .uk domain transfers between reseller accounts. This bypasses all account security and usual domain transfer authorisation. Combined with instant IPS tag changes at Nominet, the .uk regional registrar, .uk domains can be hijacked within minutes and placed into a state where only a manual access restoration procedure with Nominet can recover the domains.

This vulnerability is accessible to and impacts anyone with an eNom account or anyone with an account with an eNom reseller which provides automated domain transfers.

The vulnerability is within eNom's .uk transfer system and impacts .uk domains only. It does not impact second level .??.uk domains such as .co.uk and .org.uk.

Advisory: https://m.pr/enom-advisory-20170901.html

 

[maherafrasiab]

this is really bad. They should fix it asap.

 

[Hypersot]

this is really bad. They should fix it asap.

according to the article and as of the 2nd of September, the automatic inter-account transfer for .uk's has been disabled.

 

[usernamex]

Yes, eNom fixed the issue - 122 days after it was first discovered! What a catastrophe of errors.

Discovery date: 2017-05-02
Publish date: 2017-09-01 (+122 days)

 

[Kate]

Indeed, very poor handling of the situation.

Moreover Enom had a similar bug many years ago affecting the internal push (not sure they even fixed it).
Who knows how many bugs are still hidden in the system.