low

Subdomain takeover via Azure Traffic Manager

Published Fri, Aug 10th, 2018

Platforms

Summary

Patrick Hudak demonstrated possible subdomain takeover using the Traffic Manager in Azure.

Affected Services

Traffic Manager

Remediation

Review your DNS zones and identify CNAME records that are dangling or have been taken over. For further recommendations, review Microsoft's article on subdomain takeovers (linked in references).

Tracked CVEs

No tracked CVEs

References

https://0xpatrik.com/subdomain-takeover-starbucks-ii/https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover

Contributed by https://github.com/0xdabbad00

Disclosure Date

Fri, Aug 10th, 2018

Exploitablity Period

ongoing

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Patrick Hudak

More vulnerabilities...

medium

Bypassable and overly-privileged IAM policies

AWS has previously provided managed policies or guidance in documentation for policies with mistakes that allow them to be bypassed. Additionally, some policies are over-privileged. Date of disclos...

Multiple findings

Tue, Nov 7th, 2017

low

AWS Java SDK XXE injection

The AWS Java SDK was vulnerable to XML external entity (XXE) injection related to XML parsers.

Alex Brasetvik

Tue, Oct 10th, 2017

low

Public admin access to Azure's Red Hat Update Infrastructure

Full administrative access to the Azure Red Hat Enterprise Linux Appliance REST API was publicly exposed. It allowed malicious actors uploading packages that would be acquired by client virtual mac...

Ian Duffy

Sat, Nov 26th, 2016

View all