Cloudflare Registrar reveals private WHOIS data

For the .com / .org / .info / .city zone, you have a leak of the “Registrant State/Province” field for the WHOIS service, the region of the domain registrant is revealed, which can be used to determine country affiliation.
In hackerone.com, the bug has still not even been considered in the “Critical” status; all this time, domains maintained by Cloudflare Registrar are being parsed and information from WHOIS is being stored in databases.
tgahn

It’s not leaking or a bug, it’s policy…

See 9.1.4 and 9.1.5…
https://www.icann.org/resources/pages/registration-data-policy-2024-02-21-en#domain-name-registration-data

1 Like

Doesn’t it bother you that there is a Private Person for the user’s personal data, and that 9.1.5 and 9.1.6 are not executed by Cloudflare?

@user3342: I’ll recommend you take it up with ICANN to change their policy on this, as Cloudflare Registrar is merely following ICANN’s policy which they’re required to follow.

Alternatively, you could use a registrar that offers “Domain Registration Proxy” service.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.