DNS Automatic Registration and WPAD Auto-discovery Protocol Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Servers - Network Management
Multiple vulnerabilities have been identified in automatic DNS registration and auto-discovery. An attacker with access to the local network can exploit these vulnerabilities to trigger security restriction bypass and sensitive information disclosure on the targeted network.
Impact
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
An attacker with access to the network can add a malicious device named 'WPAD' to the network, and may then be able to use DNS auto-registration and auto-discovery to act as a proxy for victims on the network, resulting in a loss of confidentiality and integrity of any network activity.
For further technical details, please refer to the related link.
Solutions
To mitigate the effect of the vulnerabilities, network administrators, system administrators and users could apply the following configuration and hardening practices:
Network Side:
- Turn off the router's function that auto-registers local DNS names related to autoconfiguration
- Do not accept mDNS based names as authoritative sources
System Side:
- Use Group Policy (GPO) or another endpoint management system to harden the PC configuration
User Side:
- Disable proxy automatic discovery, if your network environment does not provide proxy services
- Set the Proxy AutoConfig (PAC) file address explicitly, if your network environment requires such proxy services
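Where router auto-registration cannot be turned off right away, administrators can audit the DHCP lease table for clients claiming the name 'WPAD'. The following is an added example, not part of the original advisory; it assumes the router keeps leases in the dnsmasq lease-file layout, and the sample leases are constructed.

```python
"""Audit DHCP leases for hostnames that collide with auto-discovery names."""

# Names that clients look up automatically; the advisory names only 'WPAD'.
RESERVED_LABELS = {"wpad"}

# Constructed sample in dnsmasq lease-file layout (an assumption about the router):
# <expiry-epoch> <mac> <ip> <hostname> <client-id>
SAMPLE_LEASES = """\
1700003600 aa:bb:cc:00:00:01 192.168.1.10 laptop-01 01:aa:bb:cc:00:00:01
1700003600 aa:bb:cc:00:00:02 192.168.1.23 WPAD 01:aa:bb:cc:00:00:02
1700003600 aa:bb:cc:00:00:03 192.168.1.31 * *
1700003600 aa:bb:cc:00:00:04 192.168.1.40 wpad.lan. *
1700003600 aa:bb:cc:00:00:05 192.168.1.52 wpad-printer *
truncated line
"""


def first_label(hostname):
    """Return the lowercase leftmost DNS label, ignoring a trailing dot."""
    return hostname.rstrip(".").split(".", 1)[0].lower()


def find_reserved_leases(lease_text, reserved=RESERVED_LABELS):
    """Return (ip, mac, hostname) for leases whose name matches a reserved label."""
    hits = []
    for line in lease_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated entry
        _expiry, mac, ip, hostname = fields[:4]
        if hostname == "*":
            continue  # no hostname recorded for this lease
        # DNS names are case-insensitive, so 'WPAD' and 'wpad.lan.' both match
        if first_label(hostname) in reserved:
            hits.append((ip, mac, hostname))
    return hits


if __name__ == "__main__":
    for ip, mac, name in find_reserved_leases(SAMPLE_LEASES):
        print(f"ALERT: {name!r} claimed by {mac} at {ip}; review DNS auto-registration")
```

Only an exact match on the leftmost label is flagged, so a host such as 'wpad-printer' is not reported.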
Vulnerability Identifier
- No CVE information is available
Source
Related Link