Security News > 2021 > June > Subdomain security is substandard, say security researchers
Abandoned or ignored subdomains often include overlooked vulnerabilities that leave organisations open to attack, according to a team of infosec researchers from the Vienna University of Technology and the Ca' Foscari University of Venice.
That laxity leaves subdomains open to a cookie-based attack in which an attacker sets up their own site to replace an abandoned or expired subdomain hosted on a completely different server from the main web site.
As web sites typically consider their subdomains "Safe," cookies assigned to the main web site can be overwritten and accessed by the subdomain, thus allowing an intruder to impersonate another user and conduct illicit activities.
The researchers also looked at other known methods of subdomain sabotage - such as dangling records, vulnerable to attacks against cookies, cross-origin resource sharing, postMessage JavaScript attacks, and domain relaxation exploits that allow scripts to work across related domains in ways that a browser would prohibit.
The team scanned 50,000 of the world's most important web sites as ranked by the Tranco list, and found 1520 vulnerable subdomains across 887 sites.
Those with more subdomains have a larger "Attack surface," evidenced by the researchers finding 15 per cent of the domains with more than 50,000 subdomains vulnerable, compared to less than two per cent of all sites.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/06/30/subdomain_vulnerabiilties/
Related news
- Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries (source)
- WeChat devs introduced security flaws when they modded TLS, say researchers (source)
- Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Germany drafts law to protect researchers who find security flaws (source)