This is not regarding a reseller, this is pertaining to a top level registrar. I am posting this asking for what the next step should be, as I have contacted them twice in the last 3 months regarding this, and have not received a response, nor has the hole been fixed. I will not post the registrar or the hole, as it can be used to hijack any domain registered with this registrar, but here is an example: My client was having issues getting their information from their registrar, due to address and email change. He no longer remembered his password and needed to update some information. I told him I would look into it for him and went to the registrars page. I noticed a way to gain admin access without having the login name or password. I contacted my client and asked for permission to make some changes. It worked, I was able to update all contact info, email addresses, and nameservers. The whois reflects the changes I have made, and the site resolves to the server that I changed the nameservers to....This is a scary situation! Is the next step to contact ICANN, and notify them of this problem with a registrar? Should I give them another chance to respond first? Phone calls go to voicemail, and although I have left a number, I haven't received a call back regarding this. The potential for abuse is astronomical!
