Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » CSRF flaw allowed attackers to hijack GoDaddy domains

CSRF flaw allowed attackers to hijack GoDaddy domains


Securityweek - (International) A security researcher discovered that Internet domain registrar GoDaddy failed to implement any cross-site request forgery (CSRF) protections for many DNS management actions which an attacker could have exploited to edit nameservers, edit DNS records, and modify automatic renewal settings. GoDaddy took measures to fix the vulnerability and introduced CSRF protections for sensitive account actions January 19.


Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at:

Last Updated: 27 May 2016 10:23:11