PubNub is a real time application development company who prides themselves on making APIs for developers building secure realtime Mobile, Web, and IoT Applications.
Issue:
A subdomain takeover is an attack targeting subdomains of a website with a CNAME reference to an old or expired third party application. Since the reference still exisits to the third party site it is possible for a hacker to take full control of the subdomains. Some of the vulnerable services this can be done with are Shopify, Github, Tumblr, or in this case Pingdom.
The subdomain stats.pubnub.com had a CNAME reference to stats.pingdom.com but the subdomain is not being used on Pingdom’s end.
I knew that with the Pingdom service I could claim the subdomain and make my own pingdom stats page that would show up on the subdomain stats.pubnub.com. This is shown below.
Impact:
This could be used to deface or tarnish the reputation of Pubnub. This could be done by adding inappropriate images or links to the page that would be rendering at the stats.pubnub.com address.
Remediation:
To remediate this issue PubNub removed the DNS-entry for stats.pubnub.com.
Disclosure Timeline:
1/26/17: Issue was discovered
1/27/17: Issue was disclosed to PubNub through [email protected].
1/27/17: Got a response back from Eric Lannan at PubNub who forwarded it to the proper people.
1/27/17: Checked a few hours later and stats.pubnub.com no longer had a CNAME entry to Pingdom.
Conclusion:
I was very impressed with how quickly PubNub moved to resolve the issue. I do want to thank Eric Lannan at PubNub for letting me know the email was received and that he forwarded on.