
US-CERT: Domain name collision bug could result in MitM attacks

The U.S. Computer Emergency Readiness Team (US-CERT) issued an alert this week warning of a “domain name collision” bug that causes certain DNS queries to be resolved on public rather than private or enterprise servers, exposing organizations to Man-in-the-Middle (MitM) attacks.

The Department of Homeland Security (DHS) agency warned that DNS queries made by the Web Proxy Auto-Discovery protocol (WPAD), combined with newer, publicly registered generic top-level domains, could result in those queries being erroneously resolved by a public server. This is especially likely when an organization's employee connects a work computer to a home or external network that does not support the organization's WPAD configuration. According to US-CERT, “Attackers may exploit such leaked WPAD queries by registering the leaked domain and setting up MitM proxy configuration files on the Internet.”

WPAD is enabled by default in Windows and on Internet Explorer, and is supported by the other major operating systems and browsers. The US-CERT alert includes recommendations to defend against this vulnerability.
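The leak the alert describes can be checked for from the defender's side: a DNS search suffix whose top-level label is a public gTLD means `wpad.<suffix>` will resolve on the Internet once a laptop leaves the corporate network, and resolver logs can show `wpad.*` lookups that were answered with a non-internal address. The following is an added example, not code from US-CERT or SC Media; the helper names, the gTLD sample, the log format and the log lines are constructed assumptions.

```python
"""Flag WPAD lookups that can leak to public DNS (hypothetical helpers)."""
import ipaddress
import re

# Constructed sample of delegated public gTLDs; a real check should load
# the current list from ICANN rather than hard-code it.
PUBLIC_GTLDS = {"global", "network", "cloud", "company", "business"}

# Address ranges that never belong to a public resolver's answer for a
# corporate WPAD host: RFC 1918 plus loopback.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Assumed resolver log format: "<timestamp> query=<name> answer=<ip|NXDOMAIN>"
LOG_RE = re.compile(r"^\S+ query=(?P<qname>\S+) answer=(?P<answer>\S+)$")


def search_suffix_collisions(suffixes, public_tlds=PUBLIC_GTLDS):
    """Return DNS search suffixes whose TLD is publicly delegated.

    For each such suffix, wpad.<suffix> is answered by the public DNS tree
    when the machine is outside the enterprise network.
    """
    hits = []
    for suffix in suffixes:
        tld = suffix.strip(".").rsplit(".", 1)[-1].lower()
        if tld in public_tlds:
            hits.append(suffix)
    return hits


def leaked_wpad_answers(log_lines):
    """Return (qname, answer) for wpad.* queries answered with a non-internal IP."""
    leaks = []
    for line in log_lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue
        qname = match["qname"].lower()
        if not qname.startswith("wpad."):
            continue
        try:
            ip = ipaddress.ip_address(match["answer"])
        except ValueError:
            continue  # NXDOMAIN or other non-address answer
        if not any(ip in net for net in INTERNAL_NETS):
            leaks.append((qname, match["answer"]))
    return leaks


# Constructed log lines; 203.0.113.9 (TEST-NET-3) stands in for a public host.
SAMPLE_LOG = [
    "2016-05-23T10:01:02 query=wpad.corp.global answer=10.0.0.5",
    "2016-05-23T10:05:07 query=wpad.corp.global answer=203.0.113.9",
    "2016-05-23T10:06:00 query=wpad.example.test answer=NXDOMAIN",
    "2016-05-23T10:07:30 query=www.example.com answer=198.51.100.20",
]
```

The second sample line is the case the alert warns about: the same WPAD name that resolved internally earlier is later answered from outside the enterprise address space.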

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
