Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
January 14, 2019 09:30 pm

Web Hosting Sites Bluehost, DreamHost, Hostgator, OVH and iPage Were Vulnerable To Simple Account Takeover Hacks

A security researcher has found, reported and now disclosed a dozen bugs that made it easy to steal sensitive information or take over any customer's account from some of the largest web hosting companies on the internet. From a news report: In some cases, clicking on a simple link would have been enough for Paulos Yibelo, a well-known and respected bug hunter, to take over the accounts of anyone using five large hosting providers -- Bluehost, DreamHost, Hostgator, OVH and iPage. "All five had at least one serious vulnerability allowing a user account hijack," he told TechCrunch, with which he shared his findings before going public. The results of his vulnerability testing likely wouldn't fill customers with much confidence. The bugs, now fixed -- according to Yibelo's writeup -- represent cases of aging infrastructure, complicated and sprawling web-based back-end systems and companies each with a massive user base -- with the potential to go easily wrong. In all, the bugs could have been used to target any number of the collective two million domains under Endurance-owned Bluehost, Hostgator and iPage, DreamHost's one million domains and OVH's four million domains -- totaling some seven million domains.

at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/4I-rxkThVUo/web-hosting-sites-bluehost-dreamhost-hostgator-ovh-and-ipage-were-vulnerable-to-simple-acc

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot