Misconfigured DNS

Overview of the Vulnerability

Domain Name System (DNS) misconfigurations can result in internal information being leaked publicly. The DNS misconfiguration identified on the endpoints allows an attacker to, for example, view the internal network structure of the domain or transfer the zone file. The attacker can then use this information to mount other attacks on the network and its users.

Business Impact

This vulnerability can lead to reputational damage and indirect financial loss to the company as customers may view the application as insecure.

Steps to Reproduce

  1. Log in to the application at: {{url}}

  2. Use {{software}} to gather information about the DNS

Proof of Concept (PoC)

The screenshot(s) below demonstrate the misconfigured DNS:

{{screenshot}}

Guidance

Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed up triage and result in faster rewards. DNS misconfigurations require some form of evidence that can be viewed by the team that triages this vulnerability.

Describe the impact that the DNS misconfiguration for this domain has on the company. Answering the following questions may help you define the impact. What effect would this have on their operations or their public image? How frequently is this domain used, and is this meant to be public facing?

Recommendation(s)

The DNS server should be configured to reveal only the limited amount of information needed to perform necessary tasks. This includes, but is not limited to, accepting zone transfer requests only from a trusted list of IP addresses and enabling appropriate records, such as a CAA record. It is also best practice to clearly define and implement standard processes for the provisioning and deprovisioning of hosts. For example, ensure that all steps are performed closely together. When provisioning, claim the virtual host first, and create the DNS records last. When deprovisioning, remove the DNS records first.
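
A defender-side check for the first two recommendations above, added here as an example and not part of the original template: it audits a name server configuration for zones that allow transfers to any host and checks a zone for an apex CAA record. BIND 9 named.conf syntax, the sample data and all function names are assumptions.

```python
import re

# Constructed sample in BIND 9 named.conf syntax (an assumption; the page names no server).
NAMED_CONF = '''
options { directory "/var/named"; };
zone "example.com" { type primary; file "example.com.zone";
    allow-transfer { any; }; };
zone "example.net" { type primary; file "example.net.zone";
    allow-transfer { 192.0.2.53; 198.51.100.53; }; };
zone "example.org" { type primary; file "example.org.zone"; };
'''
# Constructed zone data for example.net, used for the CAA check.
ZONE_TEXT = '''
@    3600 IN NS  ns1.example.net.
@    3600 IN CAA 0 issue "ca.example"
'''

def block_body(text, start):
    """Return the text inside the first brace block at or after `start`."""
    i = text.index("{", start)
    depth, j = 0, i
    while True:
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
        j += 1

def transfer_acl(body):
    """Return the allow-transfer entries in a block, or None when it is absent."""
    m = re.search(r"allow-transfer\s*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_transfers(conf):
    """Map each zone to 'open', 'restricted', or 'unset' (no ACL at zone or options level)."""
    opts = re.search(r"\boptions\s*\{", conf)
    inherited = transfer_acl(block_body(conf, opts.start())) if opts else None
    result = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        acl = transfer_acl(block_body(conf, m.end()))
        acl = inherited if acl is None else acl  # zone-level setting overrides options
        result[m.group(1)] = "unset" if acl is None else "open" if "any" in acl else "restricted"
    return result

def apex_has_caa(zone_text):
    """True when the zone apex (@) carries at least one CAA record."""
    return re.search(r'^@\s+(\d+\s+)?(IN\s+)?CAA\s+\d+\s+\w+\s+"', zone_text, re.M) is not None

if __name__ == "__main__":
    print(audit_transfers(NAMED_CONF), apex_has_caa(ZONE_TEXT))
```

A zone reported as unset has no allow-transfer statement at zone or options level, so its behaviour depends on the server's built-in default; set the list explicitly.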
