Difference between revisions of "Trusting self-reported DNS name"


Latest revision as of 19:54, 20 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 02/20/2009



The use of self-reported DNS names as authentication is flawed: such names can easily be spoofed by malicious users.


Authentication: Malicious users can fake authentication information by providing false DNS information.

Exposure period

  • Design: Authentication methods are generally chosen during the design phase of development.


  • Languages: All
  • Operating platforms: All

Required resources




Likelihood of exploit


As DNS names can be easily spoofed or misreported, they do not constitute a valid authentication mechanism. Alternative methods should be used if significant authentication is necessary.

In addition, DNS name resolution as authentication would, even if it were a valid means of authentication, imply a trust relationship with the DNS servers used, as well as all of the servers they refer to.

Risk Factors



In C/C++:

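/* Fragment: requires <sys/socket.h>, <netinet/in.h>, <netdb.h>, <string.h>;
   sd, serv, cli, clilen, msg, n and h are declared elsewhere. */
sd = socket(AF_INET, SOCK_DGRAM, 0);
serv.sin_family = AF_INET;
serv.sin_addr.s_addr = htonl(INADDR_ANY);
serv.sin_port = htons(1008);
bind(sd, (struct sockaddr *) &serv, sizeof(serv));
while (1) {
  memset(msg, 0x0, MAX_MSG);
  clilen = sizeof(cli);
  n = recvfrom(sd, msg, MAX_MSG, 0,
              (struct sockaddr *) &cli, &clilen);
  /* Vulnerable: the sender is identified by the name that a reverse DNS
     lookup reports for the datagram's source address. */
  h = gethostbyaddr((char *) &cli.sin_addr, sizeof(cli.sin_addr), AF_INET);
  if (h != NULL && strcmp(h->h_name, ...) == 0) {
    /* sender is treated as authenticated */
  }
}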

In Java:

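while (true) {
  DatagramPacket rp = new DatagramPacket(rData, rData.length);
  sock.receive(rp);  // sock: the server's bound DatagramSocket, declared outside this fragment
  String in = new String(rp.getData(), 0, rp.getLength());
  InetAddress IPAddress = rp.getAddress();
  int port = rp.getPort();
  // Vulnerable: getHostName() performs a reverse DNS lookup on the source
  // address, and the result is used to decide whether to release the secret.
  if (IPAddress.getHostName().equals(...) && in.equals(...)) {
    out = secret.getBytes();
    DatagramPacket sp = new DatagramPacket(out, out.length,
      IPAddress, port);
    sock.send(sp);
  }
}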
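
The following C code is an added illustration, not part of the original page: it runs the name-based check from the examples above against constructed DNS data and compares it with a forward-confirmed lookup. The function names, the documentation-range addresses and the name trusted.example.com are assumptions made for the example, and the two lookup helpers are stand-ins for real resolver calls.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Constructed sample data standing in for DNS answers (not real records). */
struct rec { const char *key; const char *val; };

/* Reverse (PTR) data is published by whoever controls each address block,
   so the operator of 203.0.113.7 can make it report any name at all. */
static const struct rec PTR[] = {
    { "192.0.2.10",  "trusted.example.com" },
    { "203.0.113.7", "trusted.example.com" },
};
/* Forward (A) data is published by the owner of the name. */
static const struct rec FWD[] = {
    { "trusted.example.com", "192.0.2.10" },
};

/* Hypothetical stand-in for gethostbyaddr(): address -> reported name. */
static const char *reverse_name(const char *addr) {
    for (size_t i = 0; i < sizeof PTR / sizeof PTR[0]; i++)
        if (strcmp(PTR[i].key, addr) == 0) return PTR[i].val;
    return NULL;
}

/* Hypothetical stand-in for gethostbyname(): does name resolve to addr? */
static int name_has_addr(const char *name, const char *addr) {
    for (size_t i = 0; i < sizeof FWD / sizeof FWD[0]; i++)
        if (strcasecmp(FWD[i].key, name) == 0 && strcmp(FWD[i].val, addr) == 0)
            return 1;
    return 0;
}

/* The check used on this page: believe the name the reverse lookup reports. */
int name_only_check(const char *peer, const char *trusted) {
    const char *n = reverse_name(peer);
    return n != NULL && strcasecmp(n, trusted) == 0;
}

/* Forward-confirmed variant: the name's own zone must also list the peer.
   This still trusts the DNS servers involved, so it narrows the problem
   but does not turn a host name into an authentication credential. */
int forward_confirmed_check(const char *peer, const char *trusted) {
    const char *n = reverse_name(peer);
    return n != NULL && strcasecmp(n, trusted) == 0 && name_has_addr(n, peer);
}
```

With this data the name-only check accepts both addresses, while the forward-confirmed check accepts only 192.0.2.10.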

Related Attacks

Related Vulnerabilities

Related Controls

  • Design: Use other means of identity verification that cannot be simply spoofed.

Related Technical Impacts