Subdomain security is substandard, security researchers say • The Register

Abandoned or ignored subdomains often carry overlooked vulnerabilities that leave organizations open to attack, according to a team of infosec researchers from Vienna University of Technology and Ca' Foscari University in Venice. The team's work will be presented at the 30th USENIX Security Symposium in August.

Subdomain hijacking is nothing new, but this research highlights that it remains a weak point: organizations often forget to maintain their subdomains properly and mistakenly assume that access to them can only be obtained if an administrator explicitly authorizes it.

This laxity leaves subdomains open to a cookie-based attack in which an attacker configures their own site to take the place of an abandoned or expired subdomain hosted on a completely different server from the main website. Because websites generally treat their subdomains as "safe," cookies set for the main website can be overwritten and read by the subdomain, allowing an intruder to impersonate another user and carry out illicit activities.
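The cookie-scoping weakness described above can be audited from the defending side. The following is an added example, not code from the paper or from The Register: it parses Set-Cookie headers and flags cookies that a hijacked subdomain could read (explicit Domain attribute) or shadow (no __Host- prefix), and also catches __Host- cookies that violate the prefix rules and would therefore never be set. The sample headers and the domain example.com are constructed for illustration.

```python
"""Audit Set-Cookie headers for attributes that let a hijacked subdomain
read or overwrite a cookie scoped to the parent site. Added example;
the header values below are constructed, not taken from any real site."""

# Constructed sample headers for a placeholder site "example.com".
SAMPLE_HEADERS = [
    "sid=abc123; Domain=example.com; Path=/; Secure; HttpOnly",
    "__Host-sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "pref=dark; Path=/",
    "__Host-bad=1; Domain=example.com; Path=/; Secure",
]

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attr_lower: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        k, _, v = part.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name.strip(), value, attrs

def audit_cookie(header):
    """Return a list of findings; an empty list means the cookie is subdomain-safe."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if name.startswith("__Host-"):
        # Browsers reject __Host- cookies that break the prefix rules, so a
        # header like this silently never sets the cookie: flag it.
        if "domain" in attrs or attrs.get("path") != "/" or "secure" not in attrs:
            findings.append("invalid __Host- cookie: needs Secure, Path=/, no Domain")
        return findings
    if "domain" in attrs:
        # An explicit Domain= makes the cookie readable by every subdomain,
        # including one an attacker has taken over.
        findings.append("Domain attribute shares cookie with all subdomains")
    if "secure" not in attrs:
        findings.append("missing Secure")
    # Without the __Host- prefix, any subdomain can set a same-named cookie
    # with Domain=<parent>, and the server cannot tell the two apart.
    findings.append("no __Host- prefix: subdomain can overwrite this cookie")
    return findings

def audit_all(headers):
    """Map each cookie name to its findings."""
    return {parse_set_cookie(h)[0]: audit_cookie(h) for h in headers}

if __name__ == "__main__":
    for cookie_name, issues in audit_all(SAMPLE_HEADERS).items():
        print(cookie_name, "OK" if not issues else "; ".join(issues))
```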

The researchers also looked at other known methods of subdomain sabotage, such as dangling DNS records, cookie attacks, cross-origin resource sharing, postMessage JavaScript attacks, and domain relaxation exploits, which let scripts run across related domains in ways a browser would otherwise prohibit.

The team scanned 50,000 of the world’s top websites, ranked by the Tranco List, and found 1520 vulnerable subdomains across 887 sites.

Some notable organizations with sensitive subdomains included Cisco, CNN, Harvard, and the US National Institutes of Health.

Researchers informed administrators of cybersecurity gaps where possible. Six months later, only 31% of the reported subdomains have been fixed.

Those with more subdomains have a larger "attack surface": the researchers found that 15% of domains with more than 50,000 subdomains were vulnerable, compared to less than 2% of all sites. Academia was also at risk, as heterogeneous public-facing IT infrastructures can require a large number of subdomains. Over seven percent of .edu sites had at least one subdomain vulnerability.

In their paper, the team acknowledges that finding vulnerable subdomains within a system is no simple task, and advised the following:

The researchers published their findings and their paper on the cleverly titled site ®
