Beware! Interactsh Users Vulnerable to Subdomain Takeover

CVE: CVE-2023-36474
CVSS v3.1: 8.2
Source: CVE-2023-36474

Interactsh, an open-source tool used for detecting out-of-band interactions, was found to have a vulnerability that could allow subdomain takeover.

Older versions of Interactsh server would automatically create CNAME records pointing user subdomains to a GitHub Pages site for hosting a web client interface. However, if a user did not need the web client, this left their subdomain open to takeover.

Attackers could seize control of the vulnerable subdomain and host malicious scripts there. This would allow them to perform cross-site scripting (XSS) attacks and run arbitrary code in the user’s browser whenever the user visited the subdomain.

The vulnerability has been addressed in newer versions of Interactsh, which make the CNAME records optional rather than the default.

If you use Interactsh, be sure to update to the latest version. You should also check your DNS records for any leftover CNAME entries and remove them if not needed. Staying on top of software updates is key to protecting yourself from these types of configuration issues turned security risks.
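One way to run the DNS check described above is to scan a zone export for CNAME records that still point at GitHub Pages. This is an added example, not code from Interactsh or from the advisory; it assumes Pages sites are served from hosts under `github.io`, and the zone contents, hostnames and function names are constructed for illustration.

```python
# Assumption: GitHub Pages sites are served from hosts under github.io.
PAGES_SUFFIX = ".github.io."

# Constructed sample zone export (BIND-style), not from a real deployment.
SAMPLE_ZONE = """\
$ORIGIN oast.example.
$TTL 3600
@        IN  NS     ns1.oast.example.
ns1      IN  A      192.0.2.10
app      IN  CNAME  someproject.github.io.   ; leftover web-client record
docs 300 IN  CNAME  docs-host.example.net.
www      CNAME      OtherOrg.GitHub.io.
; old     IN  CNAME  commented-out.github.io.
"""

def fqdn(name, origin):
    """Expand a zone-file name to a lowercase fully qualified name."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin.lstrip('.')}".lower()

def find_pages_cnames(zone_text, origin="."):
    """Return (owner, target) pairs for CNAMEs that point at GitHub Pages."""
    findings = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1]
            continue
        if fields[0].startswith("$"):  # other directives such as $TTL
            continue
        # Skip the optional TTL and class fields between owner and type.
        rest = [f for f in fields[1:] if not (f.isdigit() or f.upper() == "IN")]
        if len(rest) >= 2 and rest[0].upper() == "CNAME":
            owner, target = fqdn(fields[0], origin), fqdn(rest[1], origin)
            if target.endswith(PAGES_SUFFIX):
                findings.append((owner, target))
    return findings

if __name__ == "__main__":
    for owner, target in find_pages_cnames(SAMPLE_ZONE):
        print(f"review: {owner} -> {target}")
```

Each flagged record should be removed unless the Pages site it points to exists and is under your control. Records that inherit their owner name from the previous line are not handled by this parser.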
