Tomato & Namecheap Vulnerability

written by Daniel Schep on 2012-12-04

I discovered today that Tomato's Namecheap Dynamic DNS updater support use HTTP with passwords in the GET parameters.

This means your passwords are super easy to sniff on the wire. Don't use it.

Namecheap shouldn't be accepting this sort of request with out HTTPS and Tomato shouldn't be using it.

Here's how I found it:

Password has obviously already been regenerated.

Simple alternative

Curl on any linux box will serve the purpose nicely (note the https://):

curl "https://dynamicdns.park-your-domain.com/update?host=$HOST&domain=$DOMAIN&password=$PASSWORD&ip=`curl -s http://my-ip.heroku.com/`"