Hello
Today, March 30th, 2024, we made some changes to the Client Area that you may wish to be informed about.
As part of our dedication to protecting your information, and being transparent in our platform, we wanted to let you know that we resolved a non-critical vulnerability with todays updates. Prior to March 30th, 2024, it was possible for any internet user, regardless of TinkerHost account status, to view the status history of any hosting account, if they provided a valid username. Please note that this vulnerability only extends to the information provided on the /statushistory page, and any users who participated in exploiting the vulnerability were unable to view any of your personal information, or modify any of your account settings. At this time, we do not believe that this vulnerability was exploited in the wild. It was located by a member of our team during todays upgrades.
Additionally, we made the following changes to our platform today:
We updated the URLs for viewing accounts, SSL certificates, support tickets, and your profile page to be more memorable, and easier to remember. Accessing the old URLs for these pages will not result in an error, as the system will quietly redirect you to the new URL.
We did some additional clean-up work on how URLs are displayed
We updated the language used on the /ssls (Previously /myssl) page to help you better understand the pages content
We fixed some bug, and did some work to resolve, and prevent error messages throughout the system
If you have any questions regarding todays updates, or our approach to vulnerabilities and public disclosure, please reply to this post, or send us an email at hello[at]tinkerhost[dot]net.