Why won't you fix this?

I have reported an Information Disclosure vulnerability that discloses your cPanel username and full  previously, not just once, but thrice. The first time I was brushed off and was told to go buy a VPS if I want this fixed (this happened 3 months ago). The second and third time GoDaddy responded that they will fix it, but as of the time I am writing this the issue was not fixed. I find this to be a very irresponsible behaviour for such a large company since the fix should take only a minute and is very simple. I will publish all of the details related to the vulnerability in 1 week's time unless I receive a proper response/a fix from GoDaddy.

2 REPLIES

Waiting for a response.

Moderator

Hey @giangnguyen,

 

Sorry for the delay getting back to you on this matter. I can understand how this might be alarming, but be aware that even if a username is displayed in a URL address, we still have multiple security measures in place within our shared hosting environment to prevent brute force attacks.

That being said, we still take security very seriously and want to be sure we fully understand the vulnerability concerns being encountered. Since I'm not a system expert, I've reached out to our admin team concerning this matter. After multiple tests on our end, the issue described could only be duplicated with a custom .htaccess uploaded into the environment to cause a redirect path that generated the username for the hosted site. If you have such a file uploaded into your own hosting account, I'd recommend reviewing all redirect scripting lines as this is the likely cause of the issue. You can confirm this by temporarily disabling the file and re-testing the URL link you first encountered the error with. 

Appreciate you taking the time to bring this to our attention. Look forward to getting this fully worked out with you. 

 

CG - GoDaddy | Community Moderator
24/7 support available at x.co/247support
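
The review of redirect lines suggested in the reply above can be scripted. The following is an added example, not code from the thread or from GoDaddy: it flags `.htaccess` redirect rules whose `Location` header can end up containing a server filesystem path. It assumes the cause is either a redirect target written as a filesystem path or a relative `RewriteRule` target with `[R]` and no `RewriteBase` (the thread does not show the actual rule); the sample file, the user name `exampleuser` and the path prefixes are constructed.

```python
import re

# Constructed sample .htaccess (not from the thread); "exampleuser" is a placeholder.
SAMPLE_HTACCESS = """\
RewriteEngine On
# relative target + external redirect, no RewriteBase set
RewriteRule ^old-page$ new-page [R=301,L]
RewriteRule ^shop/(.*)$ /store/$1 [R=302,L]
Redirect 301 /docs /home/exampleuser/public_html/docs
RewriteRule ^img/(.*)$ assets/$1 [L]
"""

# Assumed home/document-root layouts; adjust to the hosting environment.
FS_PATH = re.compile(r"^/(home\d*|var/www|usr/local)/", re.I)
# Matches the R / redirect flag (with optional =code) inside a flag list.
FLAG_R = re.compile(r"(^|,)\s*(R|redirect)(=[^,]+)?\s*(,|$)", re.I)
# Targets that are already root-relative or absolute URLs.
ANCHORED = re.compile(r"^(/|[a-z][a-z0-9+.-]*:)", re.I)
REDIRECT_DIRECTIVES = ("redirect", "redirectmatch", "redirectpermanent", "redirecttemp")

def audit_htaccess(text):
    """Return (line_no, reason) for redirect lines that can leak a server path."""
    lines = text.splitlines()
    has_base = any(l.strip().lower().startswith("rewritebase") for l in lines)
    findings = []
    for no, raw in enumerate(lines, 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewriterule" and len(parts) >= 3:
            target = parts[2]
            flags = parts[3].strip("[]") if len(parts) > 3 else ""
            if FS_PATH.match(target):
                findings.append((no, "target is a filesystem path"))
            elif (FLAG_R.search(flags) and not has_base
                  and target != "-" and not ANCHORED.match(target)):
                # In per-directory context mod_rewrite prefixes the physical
                # directory to a relative target before issuing the redirect.
                findings.append((no, "relative target with [R] and no RewriteBase"))
        elif directive in REDIRECT_DIRECTIVES and FS_PATH.match(parts[-1]):
            findings.append((no, "target is a filesystem path"))
    return findings

if __name__ == "__main__":
    for line_no, reason in audit_htaccess(SAMPLE_HTACCESS):
        print(f"line {line_no}: {reason}")
```

A flagged rule is fixed by making the target root-relative (`/new-page`) or an absolute URL, or by adding `RewriteBase /` for relative targets.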