Security Week 2325: Security of Domain Name Registries

On June 12, a study was published about a serious vulnerability in domain name registry software. CoCCA software is used to manage domains in zones such as .ai, .ms and .td. It uses a standardized Extensible Provisioning Protocol (EPP) to communicate with domain name registrars who need to make changes to the registry. A vulnerability in the XML request handler made it possible to hijack control over an entire domain zone and, for example, change entries for existing domain names or create new ones.
Earlier studies on "domain hijacking" usually focused on hacking DNS servers. However, in this case, everything turned out to be simpler and more dangerous: why attack DNS, if you can modify any information directly in the domain zone registry?