[German]How easy is it to hack webhosters where users set up their websites? Some security experts have looked into this question and examined five hosters for vulnerabilities. The results are frightening.
The aim of a security audit was to see whether websites hosted by Bluehost, Dreamhost, HostGator, OVH or iPage could be compromised by client-side vulnerabilities. Unfortunately, security researchers have found at least one client-side vulnerability in all platforms tested that could be exploited if the victim clicked on a link or visited a malicious website. The security audit was conducted by Paulos Yibelo.
- Bluehost: Multiple Account Takeover and Information Leak Vulnerabilities
- Dreamhost: XSS and Information Disclosure Vulnerabilities
- HostGator: Information Disclosure and Multiple Vulnerabilities
- OVH: Information Disclosure and Multiple Vulnerabilities
- iPage: Account Takeover and Multiple Vulnerabilities
The conclusion is that the above mentioned hosters have all multiple vulnerabilities, that puts their users at risk.
in their safety like a Swiss cheese. If you are interested, the team of Websiteplanet.com has published an article with details here. The team from websiteplanet.com has published this article with details. The websiteplanet.com team reported the vulnerabilities to all the web hosts, and they all reported these vulnerabilities fixed late last week. The websiteplanet.com team estimate similar vulnerabilities still exist among other web hosting services that they didn’t examine.