DEPRECATED: Trusting Self-reported DNS Name

Deprecated Variant
Structure: Simple
Description

This entry is a duplicate and has been consolidated into CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action. The content from this deprecated entry has been fully migrated to CWE-350.

Extended Description

This weakness, now documented under CWE-350, occurs when an application uses a client's self-reported DNS hostname (obtained via a reverse DNS lookup) to make a security decision, such as granting access or trusting data. Attackers can easily spoof or poison DNS records to make their connection appear to originate from a trusted domain, bypassing these flawed checks. Relying on this easily forged information creates a significant vulnerability in your authentication or authorization logic.

To address this, you should never use a reverse DNS lookup result as the sole factor for a security-critical action. Instead, implement proper authentication mechanisms like certificates, API keys, or tokens that are cryptographically secure and cannot be spoofed at the DNS level. Always validate the actual source and integrity of connections using these stronger, dedicated security protocols.
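The contrast described above, as an added example that is not part of the CWE entry: a reverse-DNS allow check beside a check that depends on a shared secret. The domain `trusted.example`, the PTR table, the key and all function names are constructed for illustration; `reverse_lookup` stands in for a real call such as `socket.gethostbyaddr` so the block runs offline, and an HMAC token stands in for the "API keys or tokens" the entry recommends.

```python
import hashlib
import hmac

TRUSTED_SUFFIX = ".trusted.example"  # hypothetical trusted domain

# Constructed PTR data. The owner of an address range controls its reverse
# zone, so an outside address can report any hostname it likes.
CONSTRUCTED_PTR = {
    "198.51.100.10": "build01.trusted.example",  # genuine internal host
    "203.0.113.7": "build01.trusted.example",    # outside host, self-reported name
    "203.0.113.8": "host8.isp.example",
}

def reverse_lookup(ip):
    """Offline stand-in for socket.gethostbyaddr(ip)[0]; None if no PTR record."""
    return CONSTRUCTED_PTR.get(ip)

def allow_by_reverse_dns(ip, resolver=reverse_lookup):
    """Weak check: authorizes on the name the peer's reverse zone reports."""
    name = resolver(ip)
    return name is not None and name.lower().endswith(TRUSTED_SUFFIX)

def issue_token(key, client_id):
    """Server side: bind a client id to a secret key with HMAC-SHA256."""
    mac = hmac.new(key, client_id.encode(), hashlib.sha256).hexdigest()
    return f"{client_id}:{mac}"

def allow_by_token(key, token):
    """Stronger check: the decision depends on a secret, not on DNS data."""
    client_id, sep, mac = token.rpartition(":")
    if not sep or not client_id:
        return False  # malformed token
    expected = hmac.new(key, client_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison of the presented and expected MACs.
    return hmac.compare_digest(mac.encode(), expected.encode())

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; load from a secret store in practice
    print("reverse DNS, outside host:", allow_by_reverse_dns("203.0.113.7"))
    print("token, forged MAC:", allow_by_token(key, "build01:" + "0" * 64))
    print("token, issued:", allow_by_token(key, issue_token(key, "build01")))
```

The reverse-DNS check accepts `203.0.113.7` because nothing ties the reported name to the party that owns it, while the token check rejects any caller that cannot produce a valid MAC regardless of what its PTR record says.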