[Full-Disclosure] Verisign Login Hijacking

[SoloNet Newsfeed <newsfeed@xxxxxxxx>]

I recently received an e-mail from a customer I deal with who needed 
some technical assistance with a domain hosted on Verisign. He included 
his login and password, which was useful, but what threw me for a loop 
was the URL from his session which he included. I clicked on it, just 
out of morbid curiocity, and voila, no login required... I got in to the 
page where I could change DNS redirects, ownership, and even 
credit/billing information. I did the requested DNS server changes, but 
if I was malicious, I could have done much, much more. Given the 
coverage of the past few years of the SEX.COM debate, I find this thype 
of poor security and agregious programming even more relevant given 
Verisign's obnoxious attitude towards the Internet community of late. 
Simply putting a sniffer on a net segment and capturing the URL can 
prove invaluable with possibly exploiting the error.

The example format that Verisign uses whch allows for login-less access 
to the account administration (which, back in the good old days, 
required e-mail verification, Crypt-PW or even PGP, makes this 
laughable) Enjoy folks, here's your example URL:


https://www.networksolutions.com/en_US/manage-it/domain-detail.jhtml;jsessionid=XXXXXXXXXXXXXXXXXXXXXXX?accountId=11111111&instanceId=AA.B.22222222&home=true&_requestid=33333

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html