DEPRECATED: Reliance on DNS Lookups in a Security Decision
This deprecated entry has been merged into CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action. All related content has been moved to that primary weakness entry.
This entry was retired because it duplicated the core issue described in CWE-350: using DNS lookups, particularly reverse DNS (rDNS), to make security decisions like authentication or access control. DNS records are inherently easy to spoof or poison, making them an unreliable source for verifying identity or trust. Relying on them creates a significant vulnerability where an attacker can manipulate DNS to bypass security checks. For current guidance, developers should reference CWE-350 directly. The main takeaway is to never use DNS hostnames or IP address lookups alone to authenticate users, authorize actions, or filter input. Instead, implement proper authentication mechanisms like certificates, tokens, or other cryptographic methods that cannot be easily forged through DNS manipulation.