ARIA rates this HIGH due to the potential for serving malicious content and reputational damage. Real-world exploitability is high as it involves misconfiguration rather than a complex vulnerability.
Misconfigured DNS records (typically CNAME or alias records) that still point to AWS resources which have since been deleted or released, such as S3 buckets or CloudFront distributions, can lead to subdomain takeover: an attacker who registers the released resource name can serve unauthorized content under the affected domain. This impacts organizations whose cloud infrastructure lifecycle processes do not retire DNS records together with the resources they point to.
Affected Systems
- AWS S3 Buckets
- CloudFront Distributions
- Custom Domains with DNS records pointing to AWS services
Affected Versions: All versions
Remediation
- Audit and clean up unused resources in the AWS Management Console or via the AWS CLI.
- Review all DNS records (CNAME and alias records in particular) for pointers to resources that have been removed.
- Implement lifecycle policies so that S3 buckets and CloudFront distributions are deleted automatically when no longer needed.
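The second remediation step is the one that is easiest to automate. The following is an added example, not part of the original advisory: a small Python checker that classifies DNS record targets as S3 endpoints or CloudFront distribution domains and compares them against an inventory of resources the account actually owns. The record list and the inventory here are constructed sample data; in practice they would come from the account's own `aws route53 list-resource-record-sets`, `aws s3api list-buckets` and `aws cloudfront list-distributions` output. For CloudFront the check goes one step further than the text: a distribution may still exist yet no longer carry the record name as an alternate domain name, which leaves the record just as dangling.

```python
"""Dangling-DNS check for AWS S3 / CloudFront targets.
Added example (not from the original advisory); all inputs below are constructed."""
import re
from dataclasses import dataclass

# Matches S3 REST and static-website endpoints, e.g.
#   bucket.s3.amazonaws.com, bucket.s3.eu-west-1.amazonaws.com,
#   bucket.s3-website-us-east-1.amazonaws.com, bucket.s3-website.eu-west-1.amazonaws.com
S3_ENDPOINT = re.compile(
    r"^(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
    r"\.s3(?:-website)?(?:[.-][a-z0-9-]+)?\.amazonaws\.com$"
)
# Matches CloudFront distribution domains, e.g. d111111abcdef8.cloudfront.net
CLOUDFRONT_DOMAIN = re.compile(r"^[a-z0-9]+\.cloudfront\.net$")


@dataclass
class Inventory:
    """Resources the account actually owns (constructed sample data)."""
    buckets: set                 # S3 bucket names
    distributions: dict          # CloudFront domain -> set of attached alternate domain names


def classify_target(target: str):
    """Return ("s3", bucket_name), ("cloudfront", domain) or (None, None)."""
    t = target.strip().lower().rstrip(".")
    m = S3_ENDPOINT.match(t)
    if m:
        return "s3", m.group("bucket")
    if CLOUDFRONT_DOMAIN.match(t):
        return "cloudfront", t
    return None, None


def find_dangling(records, inv: Inventory):
    """records: iterable of (name, type, target) tuples as exported from DNS.
    Returns a list of (record_name, target, reason) for records whose AWS
    target is no longer controlled by the account."""
    findings = []
    for name, rtype, target in records:
        if rtype.upper() not in ("CNAME", "ALIAS"):
            continue  # only name-to-name pointers can dangle this way
        kind, ident = classify_target(target)
        fqdn = name.lower().rstrip(".")
        if kind == "s3" and ident not in inv.buckets:
            findings.append((fqdn, target, f"bucket '{ident}' does not exist in the account"))
        elif kind == "cloudfront":
            aliases = inv.distributions.get(ident)
            if aliases is None:
                findings.append((fqdn, target, "distribution is not owned by the account"))
            elif fqdn not in aliases:
                findings.append((fqdn, target, "record name is not attached as an alternate domain name"))
    return findings


# Constructed sample records: one healthy S3 pointer, one to a deleted bucket,
# one healthy CloudFront pointer, one whose alias was detached, one to a foreign distribution.
SAMPLE_RECORDS = [
    ("static.example.com.", "CNAME", "static-example-com.s3-website-us-east-1.amazonaws.com."),
    ("old-assets.example.com.", "CNAME", "old-assets-example.s3.eu-west-1.amazonaws.com."),
    ("www.example.com.", "CNAME", "d111111abcdef8.cloudfront.net."),
    ("beta.example.com.", "CNAME", "d222222abcdef8.cloudfront.net."),
    ("legacy.example.com.", "CNAME", "d333333abcdef8.cloudfront.net."),
    ("mail.example.com.", "MX", "10 mail.example.com."),
]
SAMPLE_INVENTORY = Inventory(
    buckets={"static-example-com"},
    distributions={
        "d111111abcdef8.cloudfront.net": {"www.example.com"},
        "d222222abcdef8.cloudfront.net": {"app.example.com"},  # beta.example.com was detached
    },
)

if __name__ == "__main__":
    for fqdn, target, reason in find_dangling(SAMPLE_RECORDS, SAMPLE_INVENTORY):
        print(f"DANGLING {fqdn} -> {target}: {reason}")
```

The alias comparison is an exact match; if a distribution uses wildcard alternate domain names, extend the CloudFront branch to match `*.example.com` patterns before treating the record as dangling.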
Stack Impact
This affects custom domains configured with AWS services. The surrounding stack can include, but is not limited to, nginx (when serving as a reverse proxy), Docker (when used in deployment processes), the Linux kernel (base OS for many cloud instances) and OpenSSH (for secure administrative access to servers).