Subdomain Takeover

Disclosed by AishKendle
  • Program: Undisclosed
  • Disclosed date: almost 4 years ago
  • Points: 20
  • Priority: P2 (Bugcrowd's VRT priority rating)
  • Status: Resolved (this vulnerability has been accepted and fixed)

Summary by customer

A dangling CNAME record of a bosch.com subdomain was pointing to an Azure service not claimed by Bosch. This allowed for a subdomain takeover.

Summary by AishKendle

The dangling CNAME record of sidaccounts.bosch.com was pointing to sidaccounts.trafficmanager.net, which was not claimed by Bosch. I registered a service with this name and therefore was able to take over the subdomain.
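
A defender-side check for the condition both summaries describe, as an added example that is not part of the original report: it scans a BIND-style export of your own zone for CNAME records whose target sits under trafficmanager.net and no longer resolves. The zone contents, the example.com names and the `fake_resolver` stand-in are constructed for illustration; only the trafficmanager.net suffix comes from the report.

```python
import socket

# Suffixes where the target name can be registered by any customer of the
# service. Only trafficmanager.net comes from the report; extend as needed.
CLAIMABLE_SUFFIXES = (".trafficmanager.net",)

def parse_cnames(zone_text):
    """Yield (owner, target) for each CNAME line of a BIND-style zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        if "CNAME" not in fields:
            continue
        i = fields.index("CNAME")
        if i == 0 or i + 1 >= len(fields):        # no owner or no target
            continue
        yield fields[0].rstrip(".").lower(), fields[i + 1].rstrip(".").lower()

def resolves(name):
    """True if the name currently resolves to at least one address."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone_text, resolver=resolves):
    """Return CNAMEs that point at a claimable service name that does not resolve.

    A hit is a lead, not proof: confirm against your cloud inventory that the
    target resource is really gone, then delete or repoint the record.
    """
    return [(owner, target)
            for owner, target in parse_cnames(zone_text)
            if target.endswith(CLAIMABLE_SUFFIXES) and not resolver(target)]

# Constructed sample zone (example.com names are placeholders).
SAMPLE_ZONE = """\
app.example.com.   300 IN CNAME app-prod.trafficmanager.net.  ; still in use
old.example.com.   300 IN CNAME retired-svc.trafficmanager.net.
www.example.com.   300 IN CNAME cdn.example.net.
mail.example.com.  300 IN A     192.0.2.10
"""

def fake_resolver(name):
    """Offline stand-in for DNS: only these constructed names 'exist'."""
    return name in {"app-prod.trafficmanager.net", "cdn.example.net"}

if __name__ == "__main__":
    for owner, target in find_dangling(SAMPLE_ZONE, fake_resolver):
        print(f"dangling: {owner} -> {target}")
```

Called without a second argument, `find_dangling` uses live DNS through `socket.getaddrinfo`, so a transient lookup failure also shows up as a hit and should be rechecked.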

Activity