CWE-350 – Reliance on Reverse DNS Resolution for a Security-Critical Action

Description

The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-290
CWE-923
CWE-807

Consequences

Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism

Malicious users can fake authentication information by providing false DNS information.

Potential Mitigations

Phase: Architecture and Design

Description: 

Use other means of identity verification that cannot be simply spoofed. Possibilities include a username/password or certificate.

Phase: Implementation

Description: 

Perform proper forward and reverse DNS lookups to detect DNS spoofing.
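An added example (not part of the CWE entry) showing the forward-confirmed reverse lookup described above in Python, with the weak single-lookup pattern beside it for contrast. The PTR and A tables, the addresses and the hostnames are constructed sample data; `system_reverse` and `system_forward` wrap the standard-library resolver for real use.

```python
import socket
import ipaddress

# Constructed sample records for an offline run; these are not real DNS data.
SAMPLE_PTR = {
    "192.0.2.10": "trusted.example.com",   # consistent: the A record points back here
    "192.0.2.66": "trusted.example.com",   # PTR claims a trusted name; the A record disagrees
}
SAMPLE_A = {"trusted.example.com": ["192.0.2.10"]}

def sample_reverse(ip):
    """Stand-in for a PTR lookup using the constructed table (KeyError if absent)."""
    return SAMPLE_PTR[ip]

def sample_forward(host):
    """Stand-in for an A/AAAA lookup using the constructed table."""
    return SAMPLE_A.get(host, [])

def system_reverse(ip):
    """Real PTR lookup; raises socket.herror (an OSError) when nothing resolves."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(host):
    """Real forward lookup; returns every address the name resolves to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def _normalize(host):
    return host.rstrip(".").lower()

def weak_hostname(ip, reverse=system_reverse):
    """CWE-350 pattern: trusts whatever the PTR record says about the client."""
    return _normalize(reverse(ip))

def verified_hostname(ip, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS: accept the PTR name only when that name
    resolves back to the same address. Any lookup failure yields None."""
    try:
        host = _normalize(reverse(ip))
        addrs = {ipaddress.ip_address(a) for a in forward(host)}
        return host if ipaddress.ip_address(ip) in addrs else None
    except (OSError, KeyError, ValueError):
        return None

def is_trusted_client(ip, trusted_hosts, reverse=system_reverse, forward=system_forward):
    """Access decision that honours only a forward-confirmed hostname."""
    host = verified_hostname(ip, reverse, forward)
    return host is not None and host in {_normalize(h) for h in trusted_hosts}
```

The forward-confirmed check rejects a spoofed PTR record for a name the attacker does not control, but it still relies on the resolver answering honestly, which is why the Architecture and Design mitigation above prefers credentials or certificates for identity.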

CVE References

  • CVE-2001-1488
    • Does not do double-reverse lookup to prevent DNS spoofing.
  • CVE-2001-1500
    • Does not verify reverse-resolved hostnames in DNS.
  • CVE-2000-1221
    • Authentication bypass using spoofed reverse-resolved DNS hostnames.
  • CVE-2002-0804
    • Authentication bypass using spoofed reverse-resolved DNS hostnames.
  • CVE-2001-1155
    • Filter does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
  • CVE-2004-0892
    • Reverse DNS lookup used to spoof trusted content in intermediary.
  • CVE-2003-0981
    • Product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.