low

Subdomain takeover via Azure Traffic Manager

Published Fri, Aug 10th, 2018

Platforms

Summary

Patrick Hudak demonstrated possible subdomain takeover using the Traffic Manager in Azure.

Affected Services

Traffic Manager

Remediation

Review your DNS zones and identify CNAME records that are dangling or have been taken over. For further recommendations, review Microsoft's article on subdomain takeovers (linked in references).

Tracked CVEs

No tracked CVEs

References

https://0xpatrik.com/subdomain-takeover-starbucks-ii/https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Fri, Aug 10th, 2018

Exploitability Period

ongoing

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Patrick Hudak

More vulnerabilities...

low

AWS ElasticSearch Index Name Leakage

Even for the AWS-managed ElasticSearch clusters that had not been made public, their index names could be learned.

Scott Piper, Duo SecurityMay 15, 2018

medium

Bypassable and overly-privileged IAM policies

AWS has previously provided managed policies or guidance in documentation for policies with mistakes that allow them to be bypassed. Additionally, some policies are over-privileged. Date of disclos...

Multiple findingsNov 7, 2017

low

AWS Java SDK XXE injection

The AWS Java SDK was vulnerable to XML external entity (XXE) injection related to XML parsers.

Alex BrasetvikOct 10, 2017

View all