Bug in 123-Reg Panel Allows Unauthorized Domain Transfers.. maybe!

Thu, 21st March 2013, 15:05

El Reg is reporting a claim by a source that anyone with a hosting package from 123-Reg simply had to change the final section of the URL manually to be able to gain access to another site's emails, name servers and billing. El Reg has updated their report to state that Nominet is now clarifying “that 123-reg was not the only domain company involved. Four registrars had domain names that were affected"

The original story had 300 domain names misappropriated using a security flaw in 123-Reg control panel. The thief allegedly gained access and changed the contact details for UK registry Nominet to a new email address. A password reset request would be sent to the new email address.

The name game was up when Nominet discovered some irregularities in registration and renewal patterns after a query from a registrant last year.  As part of Nominet's standard operating procedures they locked the affected domains from any transfer or adjustment while they investigated further. Nominet has said that its investigations into the issue revealed a total of 300 domains had been transferred over to a new registrant in the post-expiry period without the permission of the original registrant.

Nominet has reportedly terminated their registrar agreement with one registrar.

The El Reg report says that neither Nominet or 123-Reg would comment on how the the breach had come about. Nominet says it couldn't elaborate any further because “we understand there is an ongoing police investigation into this issue while 123-Reg is offering its full support to resolve the matter.

A quick search in the 123-Reg blog reveals no mention of the incident although that is likely to change.