Zero-Day Advisory
Fortinet Discovers VMware Subdomain Takeover Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a subdomain takeover vulnerability in vmware.com.
The vulnerability is caused by a misconfigured DNS entry: vmware.com is using the Netlify Domain Controller, with one of its subdomains pointing to an unregistered Netlify subdomain. By registering that Netlify subdomain, an attacker can hijack cookies, bypass Cross-Origin Resource Sharing (CORS) restrictions, bypass Content Security Policy (CSP), trick password manager applications, intercept emails, etc.
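The misconfiguration described above is a DNS record that still points at a hosting-provider name nobody has registered. As an added example (not part of Fortinet's advisory and not VMware's code), this Python audit compares the CNAME records in a zone export against the sites an organisation actually owns at the provider; the zone data, the `example.test` names, the owned-site list and the provider suffixes are constructed assumptions.

```python
# Added example: all names and records below are constructed.
PROVIDER_SUFFIXES = (".netlify.app", ".netlify.com")  # assumed provider site domains

ZONE_EXPORT = """\
$ORIGIN example.test.
www      3600 IN CNAME  corp-main.netlify.app.
docs     3600 IN CNAME  Corp-Docs.netlify.app.
promo    3600 IN CNAME  old-campaign.netlify.com.  ; campaign site deleted
api      3600 IN A      192.0.2.10
status   3600 IN CNAME  status.vendor.test.
"""

# Sites currently registered in the organisation's provider account (constructed).
OWNED_SITES = {"corp-main.netlify.app", "corp-docs.netlify.app"}

def normalise(name, origin=""):
    """Lower-case a DNS name, qualify relative names, drop the trailing dot."""
    name = name.strip().lower()
    if origin and not name.endswith("."):
        name = f"{name}.{origin}"
    return name.rstrip(".")

def parse_cnames(zone_text):
    """Yield (owner, target) for each CNAME record in a simple zone export."""
    origin = ""
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenise
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = normalise(fields[1])
            continue
        upper = [f.upper() for f in fields]
        idx = upper.index("CNAME") if "CNAME" in upper else 0
        if 0 < idx < len(fields) - 1:
            yield normalise(fields[0], origin), normalise(fields[idx + 1], origin)

def find_dangling(zone_text, owned_sites, suffixes=PROVIDER_SUFFIXES):
    """Return CNAMEs aimed at the provider whose target is not an owned site."""
    owned = {normalise(site) for site in owned_sites}
    return [(owner, target) for owner, target in parse_cnames(zone_text)
            if target.endswith(tuple(suffixes)) and target not in owned]

if __name__ == "__main__":
    for owner, target in find_dangling(ZONE_EXPORT, OWNED_SITES):
        print(f"DANGLING: {owner} -> {target}")
```

A record flagged this way should be removed or repointed before the provider-side name is released.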
Solutions
VMware has removed the subdomain.
Timeline
Fortinet reported the vulnerability to VMware on Oct 21, 2019.
VMware confirmed the vulnerability on Oct 21, 2019.
VMware patched the vulnerability on Oct 29, 2019.
Acknowledgement
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.