Wednesday, 09 July 2025

The security of subdomains of popular sites does not comply with information security standards

A team of information security researchers from the Vienna University of Technology and the Ca’ Foscari University of Venice warned that abandoned or unattended subdomains often include overlooked vulnerabilities that leave organizations open to cyberattack.

Subdomains remain vulnerable to a cookie-based attack in which an attacker sets up their own site to replace an abandoned or expired subdomain hosted on a server. Then, as websites typically consider their subdomains “safe,” the cookies assigned to the main site can be overwritten and accessed by the subdomain, thus allowing an attacker to impersonate another user and conduct illicit activities.

The team scanned 50,000 of the world’s most popular websites as ranked by the Tranco list, and found 1,520 vulnerable subdomains across 887 sites.

The researchers recommend that companies review all DNS records of type CNAME that point to external domains, and all A/AAAA records that point to IP addresses not directly controlled by the organization. If any of the resources these records point to are no longer in use, the corresponding DNS records should be removed for security reasons.
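The review recommended above can be partly automated. The following is an added example, not code from the researchers or the original article: it reads a zone export and lists the CNAME records whose target lies outside the organization's domains and the A/AAAA records whose address lies outside its networks. The zone data, the domain `example.com` and the network ranges are constructed assumptions; a flagged record is only a candidate for manual review, since the script cannot tell whether the target is still in use.

```python
import ipaddress

# Constructed sample zone export for illustration; not real records.
SAMPLE_ZONE = """\
www.example.com.    300 IN A     198.51.100.10
shop.example.com.   300 IN CNAME shop.example.com.cdn-provider.test.
blog.example.com.   300 IN CNAME www.example.com.
old.example.com.    300 IN A     203.0.113.77   ; decommissioned host?
api.example.com.    300 IN AAAA  2001:db8:10::5
promo.example.com.  300 IN AAAA  2001:db8:ffff::9
"""

def parse_zone(text):
    """Yield (name, type, value) from 'name ttl IN type value' lines."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        if len(fields) >= 5 and fields[2].upper() == "IN":
            yield (fields[0].lower().rstrip("."), fields[3].upper(),
                   fields[4].lower().rstrip("."))

def in_own_domain(host, own_domains):
    """Label-boundary suffix match, so 'example.com.cdn-provider.test'
    is not mistaken for a name under 'example.com'."""
    return any(host == d or host.endswith("." + d) for d in own_domains)

def audit(text, own_domains, own_networks):
    """Return records that point outside the organization's control."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    findings = []
    for name, rtype, value in parse_zone(text):
        if rtype == "CNAME":
            if not in_own_domain(value, own_domains):
                findings.append((name, rtype, value))
        elif rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(value)
            # A v4 address is never "in" a v6 network and vice versa.
            if not any(addr in net for net in nets):
                findings.append((name, rtype, value))
    return findings

# Assumed inventory: the domains and address ranges the organization controls.
OWN_DOMAINS = ["example.com"]
OWN_NETWORKS = ["198.51.100.0/24", "2001:db8:10::/48"]

if __name__ == "__main__":
    for name, rtype, value in audit(SAMPLE_ZONE, OWN_DOMAINS, OWN_NETWORKS):
        print(f"REVIEW {name} {rtype} -> {value}")
```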

Source: securitylab.ru

01 July 2021
