EVERYONE with a RegisterFly.com domain, go to http://www.flyservers.com/build/lost.php and enter your email address that you have registered that domain with. You will then receive your username and password.

Login into your Flyservers account and change the password! I have notified Registerfly of this vulnerability.

What vulnerability? That it will e-mail your user name and password to you? How is that a vulnerability?

When you see the username and password, you will understand.

Um, how about you just tell us rather than playing games?

Its 4am and i'm sure anybody reading this would rather you just tell us.

I am playing games? Maybe you need to go catch some sleep then!

I gave instructions above, what do you need a manual so that hell breaks loose?

If you have an account with Registerfly you will understand. If not, you have nothing to fix.

TC, did u eat a space-Toblerone? :D

I just got my flyservers password and I don't get the vulnerability neither.:(

wwww, I PM'ed you. If I am correct, confirm it here please, as I have confirmed it myself and with other users. Don't post details here, anyone with an account with Registerfly and 1/4 of ounce of brains will understand what I am talking about.

Can you pm me aswell, got one domain there :eek:

Well, it looks like that there is really a vulnerability, but it doesn't affect all registerfly user.

I think it's better if you guys do what TC suggested anyway. Don't worry if you can't find anything strange. But if you do, then you will know. Better being safe than sorry :)


TC I pm'ed you more details.

Apparently it affects new registrations, e.g. .US domains that were introduced in the past 3 days, but confirmed it with new .ORG as well.

I would not raise an alarm if at least another user would not verify it.

Originally posted by timechange
When you see the username and password, you will understand.
Well I have a bunch of names as Registerfly and I got my user names and passwords e-mailed to me and nothing looks strange that I can see. So whatever it is you're talking about isn't affecting everyone (unless it's affecting me in some manner I'm not aware of).

OK, I guess I have to be explicit, since it affects some users and some are not affected.

The username and password I am referring to is NOT your Registerfly.com one (the one you created an account for) but the one Flyservers.com issues for the free hosting of that domain.

As it happened with me and 2 other confirmed individuals, that second pair of username/pass is NOT the same as the one for the account of Registerfly. Instead:

your username is : domain.tld e.g. "domain.us"
your password is : "changeme"

That's it.

Update:

Notified SecurityFocus and they confirmed it and are in touch with RegisterFly.

The rest of you, change your passwords :D