Skip to content

Keycdn (kxcdn.com) is not vulnerable for subdomain takeover #112

New issue
New issue
Closed
Closed
Keycdn (kxcdn.com) is not vulnerable for subdomain takeover#112
Labels
not vulnerableSomeone has made it very clear that this service is not vulnerable to subdomain takeovers.
@mzet-

Description

@mzet-
mzet-
opened on Sep 9, 2019

Service name

Content delivery, simplified (https://www.keycdn.com/).

Documentation

It seems that there is no way to claim dangling CNAME record to kxcdn.com entry. As record of kxcdn.com has following structure:

<user-provided-input>-<keycdn-user-ID>.kxcdn.com

attacker has only control of the first part of the entry (i.e. <user-provided-input>) second part is (<keycdn-user-ID>) is assigned by the KeyCdn during registration.

Metadata

Metadata

Assignees

No one assigned

    Labels

    not vulnerableSomeone has made it very clear that this service is not vulnerable to subdomain takeovers.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions