EZOIC Integration

Dear Cloudflare security team,

I want to address an issue regarding your partner site EZOIC. I have signed up on their website and they want to access my website’s DNS records for traffic analysis etc…

The issue:
They are prompting me to enter my Cloudflare username and password. I’m not comfortable sharing my whole account just for the sake of one website verification. They will have access to all of my websites that are on Cloudflare.

The next big issue is that they are taking my credentials in plain text format. This is a big concern as well, Why not just login with the Cloudflare app and authorize only the concerned website?

As a security company and partner with them, Cloudflare should impose a strict security layer like in general, we log in with Google and any related services and we gave access to only concerned app and service.

I brought this up in May. The feedback I got from Cloudflare is that Ezoic was an early partner before the API key was a thing.

I think it’s a terrible setup.

They need to, because they need to plug that into a Cloudflare login. Again, I think it’s it’s bad.

That’s one of many problems I find with Ezoic.

Granted, it’d be nice if Cloudflare told them to stop doing that, but there’s no way for Cloudflare to stop people from passing around plain text passwords.

Have you complained to Ezoic?

2 Likes