Project

General

Profile

Actions
Copy link

Bug #2585

closed

FreeDNS.afraid.org DDNS client sends in clear text

Added by Anonymous over 11 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Dynamic DNS
Target version:
-
Start date:
08/09/2012
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

FreeDNS.afraid.org DDNS client sends the "Authentication Token" (update URL) in clear text. The FreeDNS.afraid.org website warns of unauthorized access to the update URL.

The code affected in dyndns.class file:

case 'freedns':
$needIP = FALSE;
curl_setopt($ch, CURLOPT_URL, 'http://freedns.afraid.org/dynamic/update.php?' . $this->_dnsPass);

Thanks (and sorry for my bad English).

Actions
Copy link
 #1

Updated by Anonymous over 9 years ago

With the fix "Use HTTPS for dyndns providers that support it " included in the 2.1.5 release, this bug can be considered closed.
Thanks to developers for the fix.

Actions
Copy link
 #2

Updated by Renato Botelho over 9 years ago

  • Status changed from New to Resolved
Actions
Copy link

Also available in: Atom PDF