Re: DNS takeover
I'm curious, how do you think this attack could be applied to CF (unless you're sitting on an actual attack, then don't post in here publicly and notify the security team)?
CF isn't performing DNS management. I can add any domain I want using `cf create-domain` or `cf create-shared-domain` (ex: `cf create-shared-domain google.com`), but unless there are wildcard DNS records, set up externally, for that domain pointing to the LB for my CF installation, I can't do anything with that domain (you technically can use it within CF, but no traffic will route to CF).
The only case where I could see this happening is if someone used a public CF provider, like PWS or Bluemix, then stopped using it but didn't clean up their DNS. At that point, the DNS would be pointing to the public provider, but if the user deleted their account, including the org & custom domain, then the domain would not be in use. I think (haven't tested) CF would permit some other user to add the domain to their account & deploy apps using that domain.
On Thu, Jul 26, 2018 at 2:23 AM, <adrian.kurt@...> wrote:
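Added example, not part of the original thread or either poster's words: a defender-side audit for the leftover-DNS case described in the reply above. It flags DNS records that still point at a public CF provider when no domain in your org covers them. The provider hostname, zone data and domain list are constructed placeholders, and treating a claimed domain as covering its subdomains is an assumption.

```python
# Constructed sample data; every hostname and domain here is a placeholder.
PROVIDER_SUFFIXES = ("cf-provider.example.net",)  # assumed LB hostnames of the public CF provider

DNS_RECORDS = [  # (record name, CNAME target) as exported from your own zones
    ("*.apps.example.com", "lb.cf-provider.example.net."),
    ("shop.example.org", "lb.cf-provider.example.net."),
    ("www.example.org", "cdn.other-host.example."),
    ("API.Example.IO.", "LB.CF-Provider.Example.Net"),
]

CLAIMED_DOMAINS = {"apps.example.com", "example.io"}  # custom domains still present in your CF org


def normalize(name):
    """Lowercase and drop the trailing root dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")


def is_under(name, parent):
    """True if name equals parent or is a subdomain of it (label-aligned match)."""
    return name == parent or name.endswith("." + parent)


def points_at_provider(target, suffixes=PROVIDER_SUFFIXES):
    """True if the record target is one of the provider's LB hostnames."""
    t = normalize(target)
    return any(is_under(t, normalize(s)) for s in suffixes)


def find_dangling(records, claimed, suffixes=PROVIDER_SUFFIXES):
    """Return record names that route to the provider but are not covered by
    any domain still claimed in the CF org (assumption: a claimed domain
    covers its subdomains)."""
    claimed = {normalize(d) for d in claimed}
    dangling = []
    for name, target in records:
        if not points_at_provider(target, suffixes):
            continue  # traffic never reaches the provider, so nothing to claim there
        host = normalize(name)
        base = host[2:] if host.startswith("*.") else host  # wildcard -> its parent domain
        if not any(is_under(base, d) for d in claimed):
            dangling.append(host)
    return dangling


if __name__ == "__main__":
    for host in find_dangling(DNS_RECORDS, CLAIMED_DOMAINS):
        print(f"dangling: {host} -> provider LB, no matching domain in CF org")
```

Records it reports should either have their DNS entry removed or the domain re-created in the org before the account is closed.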