SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks

A group of academics from the University of California and Tsinghua University has uncovered a series of critical security flaws that could lead to a revival of DNS cache poisoning attacks.

Dubbed “SAD DNS attack” (short for Side-channel AttackeD DNS), the technique makes it possible for a malicious actor to carry out an off-path attack, rerouting any traffic originally destined to a specific domain to a server under their control, thereby allowing them to eavesdrop and tamper with the communications.

“This represents an important milestone — the first weaponizable network side channel attack that has serious security impacts,” the researchers said. “The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache.”

Tracked as CVE-2020-25705, the findings were presented at the ACM Conference on Computer, and Communications Security (CCS ’20) held this…

Exit mobile version