Actions
Bug #2585
closedFreeDNS.afraid.org DDNS client sends in clear text
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Dynamic DNS
Target version:
-
Start date:
08/09/2012
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All
Description
FreeDNS.afraid.org DDNS client sends the "Authentication Token" (update URL) in clear text. The FreeDNS.afraid.org website warns of unauthorized access to the update URL.
The code affected in dyndns.class
file:
case 'freedns':
$needIP = FALSE;
curl_setopt($ch, CURLOPT_URL, 'http://freedns.afraid.org/dynamic/update.php?' . $this->_dnsPass);
Thanks (and sorry for my bad English).
Updated by Anonymous over 9 years ago
With the fix "Use HTTPS for dyndns providers that support it " included in the 2.1.5 release, this bug can be considered closed.
Thanks to developers for the fix.
Actions