[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Enom.com security contact? (Account Hijacking -- Google Apps integrations vulnerable)

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] Enom.com security contact? (Account Hijacking -- Google Apps integrations vulnerable)
From: Kristian Erik Hermansen <kristian.hermansen@xxxxxxxxx>
Date: Mon, 16 Jun 2014 15:12:04 -0700

Hello! :)

Anyone have a security contact at Enom? I believe I have located an
arbitrary account hijacking issue that affects all Google Apps domains
that utilize Enom for the domain registrar integration. This could
potentially be 100,000s of Google Apps / Enom domains. Google Security
does not handle issues in third-party integrations, otherwise I would
escalate with them.

Any contacts you can share would be greatly appreciated, thanks!
-- 
Regards,

Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
https://google.com/+KristianHermansen

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Onnto RAID Master rev358 for OS X - multiple remote vulnerabilities
Next by Date: [FD] [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack
Previous by thread: [FD] Onnto RAID Master rev358 for OS X - multiple remote vulnerabilities
Next by thread: [FD] [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack
Index(es):
- Date
- Thread