Open luelista opened 6 years ago
Will test for this when I have time. Going through the code as we speak to see if I can find anything "weird". I will push some "dirty" fixes like the auto-md5 to sha1/sha512 and make sure those are pushed to this as well. I'll also add all the DNSSEC related information etc. when I find some spare time.
I noticed that FreshDNS is vulnerable to Cross-Site Request Forgery, allowing an attacker to e.g. delete all zones on your server if they can get you to load a website containing their javascript while you're logged in to FreshDNS in the same browser. It is fixed (hopefully) in my merge request #6