Description

The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-290
CWE-923
CWE-807
CWE-923

Consequences

Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism

Malicious users can fake authentication information by providing false DNS information.

Potential Mitigations

Phase: Architecture and Design

Description: 

Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate.

Phase: Implementation

Description: 

Perform proper forward and reverse DNS lookups to detect DNS spoofing.

CVE References

• CVE-2001-1488
  • Does not do double-reverse lookup to prevent DNS spoofing.

• CVE-2001-1500
  • Does not verify reverse-resolved hostnames in DNS.

• CVE-2000-1221
  • Authentication bypass using spoofed reverse-resolved DNS hostnames.

• CVE-2002-0804
  • Authentication bypass using spoofed reverse-resolved DNS hostnames.

• CVE-2001-1155
  • Filter does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.

• CVE-2004-0892
  • Reverse DNS lookup used to spoof trusted content in intermediary.

• CVE-2003-0981
  • Product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.