CWE - CWE-247: Reliance on DNS Lookups in a Security Decision (1.6)

Home > CWE List > CWE- Individual Dictionary Definition (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-247: Reliance on DNS Lookups in a Security Decision

Reliance on DNS Lookups in a Security Decision

Weakness ID: 247 (Weakness Variant)

Status: Incomplete

Description

Description Summary

Attackers can spoof DNS entries. Do not rely on DNS names for security.

Time of Introduction

Implementation
Architecture and Design

Applicable Platforms

Languages

All

Demonstrative Examples

Example 1

The following code sample uses a DNS lookup in order to decide whether or not an inbound request is from a trusted host. If an attacker can poison the DNS cache, they can gain trusted status.

(Bad Code)

Java

String ip = request.getRemoteAddr();

InetAddress addr = InetAddress.getByName(ip);

if (addr.getCanonicalHostName().endsWith("trustme.com")) {

trusted = true;

}

IPAddress hostIPAddress = IPAddress.Parse(RemoteIpAddress);

IPHostEntry hostInfo = Dns.GetHostByAddress(hostIPAddress);

if (hostInfo.HostName.EndsWith("trustme.com")) {

trusted = true;

}

IP addresses are more reliable than DNS names, but they can also be spoofed. Attackers can easily forge the source IP address of the packets they send, but response packets will return to the forged IP address. To see the response packets, the attacker has to sniff the traffic between the victim machine and the forged IP address. In order to accomplish the required sniffing, attackers typically attempt to locate themselves on the same subnet as the victim machine. Attackers may be able to circumvent this requirement by using source routing, but source routing is disabled across much of the Internet today. In summary, IP address verification can be a useful part of an authentication scheme, but it should not be the single factor required for authentication.

Other Notes

Many DNS servers are susceptible to spoofing attacks, so you should assume that your software will someday run in an environment with a compromised DNS server. If attackers are allowed to make DNS updates (sometimes called DNS cache poisoning), they can route your network traffic through their machines or make it appear as if their IP addresses are part of your domain. Do not base the security of your system on DNS names.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Class	227	Failure to Fulfill API Contract ('API Abuse')	Development Concepts (primary)699
PeerOf	Weakness Base	290	Authentication Bypass by Spoofing	Research Concepts1000
ChildOf	Weakness Class	345	Insufficient Verification of Data Authenticity	Research Concepts (primary)1000

Content History

Submissions
Submission Date	Submitter	Organization	Source
	7 Pernicious Kingdoms		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-07-01	Eric Dalci	Cigital	External
2008-07-01	updated Time of Introduction
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Relationships, Other Notes, Taxonomy Mappings
2009-05-27	CWE Content Team	MITRE	Internal
2009-05-27	updated Relationships, Taxonomy Mappings
2009-07-27	CWE Content Team	MITRE	Internal
2009-07-27	updated Demonstrative Examples

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us