Trusting Self-reported DNS Name| ID: 292 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: INCOMPLETE |
| Abstraction Type: Variant |
Description
The use of self-reported DNS names as authentication is flawed
and can easily be spoofed by malicious users.
Likelihood of Exploit: High
Applicable PlatformsLanguage Class: All
Time Of Introduction
Related Attack Patterns
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Access_Control | Gain privileges / assume
identity | Malicious users can fake authentication information by providing false
DNS information. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Architecture and Design | | Use other means of identity verification that cannot be simply
spoofed. Possibilities include a username/password or
certificate. | | |
| Implementation | | Perform proper forward and reverse DNS lookups to detect DNS spoofing. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-292 ChildOf CWE-898 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In these examples, a connection is established if a request is made
by a trusted host.
- The following code samples use a DNS lookup in order to decide
whether or not an inbound request is from a trusted host. If an attacker can
poison the DNS cache, they can gain trusted status. (Demonstrative Example Id DX-93)
Observed Examples
- CVE-2009-1048 : VOIP product allows authentication bypass using 127.0.0.1 in the Host header.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| CLASP | | Trusting self-reported DNS name | |
References:None
