Sensitive Information

Internal IP Address Disclosure On Subdomain Discovered

 

Description

The "Internal IP Address Disclosure on Subdomain Discovered" alarm indicates that an internal IP address has been unintentionally exposed on a publicly accessible subdomain. Internal IP addresses are private network addresses that should not be publicly disclosed as they can provide attackers with information about your network architecture and potentially facilitate targeted attacks. When this alarm is triggered, it is crucial to take immediate action to remove the exposure and prevent further disclosures.

The address ranges reserved for use by private networks are:
Class A: 10.0.0.0 to 10.255.255.255
Class B: 172.16.0.0 to 172.31.255.255
Class C: 192.168.0.0 to 192.168.255.255

Impact

The exposure of an internal IP address on a publicly accessible subdomain can have several implications:
Network Vulnerability: Attackers can leverage the exposed internal IP address to gather information about your network infrastructure, potentially identifying entry points for unauthorized access and exploitation.
Targeted Attacks: The disclosed internal IP address provides attackers with valuable information for launching targeted attacks, such as network reconnaissance, scanning, or exploitation of vulnerabilities specific to your network setup.

Mitigation

To mitigate the risks associated with internal IP address disclosure on subdomains, consider the following steps:
Audit and Remove Exposures: Regularly scan your domains and subdomains for misconfigurations, vulnerabilities, and unintended exposures. Identify any instances of internal IP address disclosure and promptly remove them from publicly accessible subdomains.
Proper Network Segmentation: Implement network segmentation to isolate internal IP addresses from public-facing systems and ensure that only authorized users or services have access to internal resources.
Use External-Facing IP Addresses: Avoid using internal IP addresses on publicly accessible subdomains. Instead, use external-facing IP addresses or domain names that are not linked to your internal network.
Access Controls and Authentication: Implement strong access controls and user authentication mechanisms to limit access to sensitive information and resources. Regularly review and update user privileges to prevent unauthorized disclosure.
By following these mitigation steps, you can reduce the risk of internal IP address disclosure on subdomains and enhance the security of your network infrastructure.
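
One way to carry out the "Audit and Remove Exposures" step, shown as an added example (not ThreatMon's code): it checks the text published for each subdomain (DNS answers, HTTP response headers) for addresses in the three private ranges listed in the Description. The subdomain names and record contents are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# The three private ranges listed in the Description section.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quads that are not part of a longer dotted number such as a
# version string (1.10.0.0.1), which would otherwise cause false positives.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d)(?!\.\d)")


def find_private_ips(text):
    """Return the sorted, de-duplicated private IPv4 addresses found in text."""
    found = set()
    for match in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a valid address, e.g. an octet above 255
        if any(ip in net for net in PRIVATE_NETS):
            found.add(ip)
    return [str(ip) for ip in sorted(found)]


def audit(published):
    """Map each subdomain to the private addresses exposed in its public data."""
    report = {}
    for name, text in published.items():
        hits = find_private_ips(text)
        if hits:
            report[name] = hits
    return report


# Constructed sample: what each subdomain publishes (DNS answers or headers).
SAMPLE = {
    "www.example.com": "A 203.0.113.10",
    "vpn.example.com": "A 10.20.30.40",
    "app.example.com": "HTTP/1.1 302 Found\r\n"
                       "Location: http://192.168.1.15/login\r\n"
                       "Server: demo/1.10.0.0.1",
    "cdn.example.com": "A 172.32.0.1\nA 172.31.255.255",
    "old.example.com": "A 172.15.255.255 ; X-Backend: 10.0.0.999",
}

if __name__ == "__main__":
    for subdomain, addresses in audit(SAMPLE).items():
        print(f"{subdomain}: {', '.join(addresses)}")
```

Addresses just outside the Class B range (172.15.x.x and 172.32.x.x) are deliberately included in the sample to show that only 172.16.0.0 to 172.31.255.255 is flagged.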

Severity

Low

Tags

configuration network
