Sub-Domain Stealing
G
GJ
Currently anyone with a wildcard record added to their domain pointing to flash.funnels.msgsndr.com for convenience will be able to add multiple domains into GHL at once without adding those DNS records.
Any bad actor (GHL user) who recognizes this will be able to add multiple domains and could run unethical/illegal services using domains that don't belong to him/her. This is a security loophole and must be resolved immediately.
P.S. There are close to 20 domains of others in our group that have a wildcard DNS record. (could be more) and are vulnerable to this.
Log In
S
Simone Henry
Is this still the case?
G
GJ
Simone Henry: It was on the legacy platform, but needs to be tested after the move to Cloudflare for 'added security'. I've not moved over yet and unable to test but someone who's already done should be able to in theory.