
Turkmenistan TLD Leaks Domain Data, Unencrypted Passwords

A group of pentesters in Iran has successfully breached Turkmenistan’s Domain Registry and gained access to the name-server management console for the registered .tm domains.

The hackers say they found a way to inject SQL code into hidden form fields that had insufficient validation and input sanitization. The attack yielded a complete database dump, which one would expect to contain customer names, e-mail addresses and hashed passwords. Wrong. Just like the Romanian Domain Registry RoTLD, the Turkmen website was also storing passwords in plain text, readily available for abuse.

“In the term of data gathering, we made the attack automatically and dumped all the database. Another considerable note was the passwords, they have been saved in clear text and this is an unacceptable issue for a NIC of a country,” reads the blog post (since it contains the actual dump, we won’t be linking to it here).

Among domains registered with the website are,,,,, and other zillion-user-per-day sites. Since authentication to the NS management control panel is done via e-mail address and password (both leaked in plain-text), the impact of the incident is easy to grasp: an attacker could pick up any domain name from the list, craft a phishing page, then hijack the DNS entries in the control panel to the server that hosts the phony page.

It’s 2013 and most programming languages have built-in support for the most popular (and even most obscure) digest algorithms. It only takes a couple of lines to import and use the library, making the e-world a better place for your customers.
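As an added example (not code from the registry or from the original post), here is what those couple of lines look like in Python's standard library, combined with the parameterized queries that keep hidden form fields out of the SQL text. It uses salted, iterated PBKDF2 rather than a single digest pass; the table layout, function names, account data and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumption: PBKDF2 work factor, tune for your hardware


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' for storage."""
    salt = salt or os.urandom(16)  # unique random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    _, iterations, salt_hex, _ = stored.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, stored)


def open_db():
    # Hypothetical schema: the column holds only the encoded hash, never the password.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (email TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    return db


def register(db, email, password):
    # Placeholders bind form input as data, whether it came from a visible or hidden field.
    db.execute("INSERT INTO accounts VALUES (?, ?)", (email, hash_password(password)))


def login(db, email, password):
    row = db.execute("SELECT pw_hash FROM accounts WHERE email = ?", (email,)).fetchone()
    if row is None:
        hash_password(password)  # do the same work for unknown accounts
        return False
    return verify_password(password, row[0])


if __name__ == "__main__":
    db = open_db()
    register(db, "hostmaster@example.test", "correct horse battery staple")  # constructed
    print(login(db, "hostmaster@example.test", "correct horse battery staple"))
    print(login(db, "' OR '1'='1' --", "anything"))
    print(db.execute("SELECT pw_hash FROM accounts").fetchone()[0])
```

A database dump of this table yields only salts and digests, so each password has to be guessed individually at the cost of the full iteration count.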

PS: If you happen to grab a copy of the leaked data, have a look at how secure the passwords used by the world’s most prominent technology makers are.

Now, repeat after me: account security – you’re doing it wrong.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.


  • your p.s. make me curious, so i search for that dump

    google99 ,laser19, motor, Norma, wendy , becool1, VApass, bombomb,sunshine

    nice passwords :))

    and, in this time that i write this post… seems that …”another NIC data leakage (NIC.LK)”

    • I always wondered how these accounts haven’t been jacked by now. Given the (lack of) complexity and its sheer predictability, it would be defeated in a matter of seconds via dictionary.

      • before see that pass list, i presume that they use some pass like this
        “f7H6@#G$%^)n jh^V534G” anyway something that one time is hashed, take at least few years to brute md5/sha/etc

        so, is possible that no one think to make dictionary pass attack, to a top level domain :))

        someone will have to answer to a question: sunshine, who is wendy? :-w
