Description

One of the subdomains of the scanned domain is pointing to an external service but the external service account was cancelled or has expired. Because the account is not in use anymore, an attacker can claim this account and takeover your subdomain. The attacker can use this subdomain for phishing or to spread malware.

Remediation

It's recommened to reconfigure the DNS settings for this subdomain or remove the DNS entry pointing to the external service.

References

Hostile Subdomain Takeover using Heroku/Github/Desk + more

Related Vulnerabilities

MySQL utf8 4-byte truncation

ASP.NET header checking is disabled in web.config

Oracle applications logs publicy available

Content Security Policy Misconfiguration

Subresource Integrity (SRI) Not Implemented

Severity

Medium

Classification

CWE-16 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Configuration