115246.txt

ReportLink:https://hackerone.com/reports/115246
WeaknessName:Violation of Secure Design Principles
Reporter:https://hackerone.com/waqar_vicky
ReportedTo:Paragon Initiative Enterprises(paragonie)
BountyAmount:
Severity:
State:Closed
DateOfDisclosure:27.04.2016 0:31:58

Summary:

Description:

I found out that there is no DNSSEC configured on your webserver to prevent DNS related attacks. This is an issue that would allow attackers to target your DNS directly The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality. You guys have not become popular among web vendors this is one thing that you should take under consideration Hope this helps

Steps to reproduce:

http://dnssec-debugger.verisignlabs.com/paragonie.com

Check the above results for paragonie.com

And from the local server visit this URL https://dnssectest.sidnlabs.nl/test.php It will also show you that you are not protected against DNSsec related attack

Suggested fix
Enable DNSsec.

Regards:
Vicky