Internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov)

Disclosed by
Theekshana_kusal
Summary by National Aeronautics and Space Administration (NASA) - Vulnerability Disclosure Program

Site was decommissioned.

Summary by Theekshana_kusal

Vulnerability Report – NASA VDP

Title: Internal IP Disclosure via Public DNS Record (blue.guest.hq.nasa.gov)

Summary:
The subdomain blue.guest.hq.nasa.gov was found to resolve to a private/internal IP address 192.168.50.4.

This indicates internal infrastructure exposure and could potentially assist attackers in network mapping or enable DNS rebinding attacks if chained with other weaknesses.

Impact:

  • Internal IP addressing scheme disclosed
  • Information leakage that could aid attackers in topology mapping
  • Potential DNS rebinding risk

Recommendation:
Review and remove any public-facing DNS records that resolve to private/internal IPs. Maintain DNS hygiene across assets.

This report was classified as Informational (P5) but shared here for educational purposes to highlight common DNS misconfigurations.
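
One way to apply the recommendation above, as an added example that is not part of the original report or of NASA's tooling: a Python check that scans a public zone export for A/AAAA records pointing at non-public addresses. The zone contents and `example.org` names are constructed, and the check also flags loopback, link-local and RFC 6598 shared address space, which goes beyond the RFC 1918 case in the report.

```python
import ipaddress

# Constructed sample of a public zone export: name, TTL, class, type, rdata.
SAMPLE_ZONE = """\
www.example.org.        300 IN A     8.8.8.8
blue.guest.example.org. 300 IN A     192.168.50.4
vpn.example.org.        300 IN A     100.64.10.7
dev.example.org.        300 IN A     127.0.0.1
mail.example.org.       300 IN MX    10 www.example.org.
printer.example.org.    300 IN AAAA  fd12:3456:789a::20
api.example.org.        300 IN AAAA  2606:4700:4700::1111
; comment line
broken.example.org.     300 IN A     not-an-ip
"""

CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598, not covered by is_private

def classify(addr):
    """Return a label for an address that should not be in public DNS, else None."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed rdata
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in CGNAT:
        return "shared address space (RFC 6598)"
    if ip.is_private:
        return "private"
    return None if ip.is_global else "non-global"

def audit(zone_text):
    """Yield (name, type, rdata, reason) for every A/AAAA record worth reviewing."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing zone-file comments
        if len(fields) < 5 or fields[3].upper() not in ("A", "AAAA"):
            continue
        name, rtype, rdata = fields[0], fields[3].upper(), fields[4]
        try:
            reason = classify(rdata)
        except ValueError:
            reason = "unparseable address"
        if reason:
            findings.append((name, rtype, rdata, reason))
    return findings

if __name__ == "__main__":
    for name, rtype, rdata, reason in audit(SAMPLE_ZONE):
        print(f"{name:26} {rtype:5} {rdata:22} {reason}")
```
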
