HIGHCWE-350DNS Security
Subdomain Takeover via CNAME
Description
A CNAME record points to an external service that is no longer provisioned, allowing attackers to claim the subdomain and host content under your domain.
How Vezraa Detects It
We check DNS CNAME records for external services and verify those services are still actively provisioned.
Real-World Impact
Attackers can host phishing pages on your legitimate domain (e.g., login.yourcompany.com), stealing credentials from your users.
Fix Example
// Remove stale CNAME records dig CNAME app.yourdomain.com // If it points to an unclaimed service.github.io, remove the DNS record // Add a TXT record to prove ownership before deleting: "_hosted_here=yourdomain"
Affected Stacks
DNSVercelNetlifyGitHub PagesAWS