Amazon Route 53

Domain Auto Renew Not Enabled

Risk Level: Medium

Description

This plugin ensures that domains registered through Route 53 are set to auto-renew. Without auto-renew, a domain can expire, and an expired domain can be lost and re-registered by a third party. It is recommended to renew domains regularly in order to keep complete control over them.

About the Service

Amazon Route 53 is a cloud Domain Name System (DNS) web service that is highly available and scalable. It is intended to give developers and businesses a highly dependable and cost-effective way to route end users to Internet applications.

Amazon Route 53 connects user requests to AWS infrastructure such as Amazon EC2 instances, Elastic Load Balancing load balancers, and Amazon S3 buckets, as well as equipment outside of AWS. 

Impact

Without this feature, domains can expire and be registered by others. If expired domain names are not restored as soon as possible, they become available for registration by others. Restoring your expired Route 53 domains in a timely manner lets you regain full control over them.

Steps to reproduce

  1. Sign in to your AWS console.
  2. Navigate to Route 53 dashboard at: https://console.aws.amazon.com/route53/
  3. Click Registered Domains in the left navigation pane, under Domains.
  4. Select the domain you want to examine.
  5. Check the Auto-renew status under the Transfer Lock section. If it is set to Disabled, the vulnerability exists.
  6. Repeat the steps for each domain name currently registered with AWS Route 53.

Steps for remediation

Enable auto-renew feature for the domain:

  1. Sign in to your AWS console.
  2. Navigate to Route 53 dashboard at: https://console.aws.amazon.com/route53/
  3. Click Registered Domains in the left navigation pane, under Domains.
  4. Select the vulnerable domain.
  5. Click Enable next to Auto Renew to turn on automatic renewal for the expiring domain. An email will be sent with the detailed steps.
  6. Repeat the steps for all vulnerable domain names currently registered with AWS Route 53.
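
The per-domain console check above can also be run across every registered domain in one pass. The script below is an added example, not part of the original plugin: it reads the AutoRenew flag from Route 53 Domains ListDomains output and lists the domains where it is disabled, soonest expiry first. The sample data, the function names and the 60-day warn_days threshold are assumptions made for illustration.

```python
from datetime import datetime, timezone

UTC = timezone.utc
# Constructed sample: two pages shaped like route53domains ListDomains output.
SAMPLE_PAGES = [
    {"Domains": [
        {"DomainName": "example.com", "AutoRenew": True,
         "Expiry": datetime(2025, 6, 1, tzinfo=UTC)},
        {"DomainName": "example.org", "AutoRenew": False,
         "Expiry": datetime(2025, 12, 31, tzinfo=UTC)},
    ]},
    {"Domains": [
        {"DomainName": "example.net", "AutoRenew": False,
         "Expiry": datetime(2025, 1, 31, tzinfo=UTC)},
    ]},
]


def find_non_renewing(pages, now, warn_days=60):
    """Return one finding per domain whose AutoRenew flag is not True,
    soonest expiry first. warn_days is an assumed triage threshold."""
    findings = []
    for page in pages:
        for dom in page.get("Domains", []):
            if dom.get("AutoRenew") is True:
                continue
            expiry = dom.get("Expiry")
            days = (expiry - now).days if expiry else None
            findings.append({
                "domain": dom["DomainName"],
                "days_left": days,
                # Unknown or near expiry needs attention first.
                "urgent": days is None or days <= warn_days,
            })
    return sorted(findings, key=lambda f: (f["days_left"] is not None,
                                           f["days_left"] or 0))


def live_pages():
    """Fetch every ListDomains page; needs boto3 and AWS credentials."""
    import boto3  # lazy import so the offline sample runs without it
    # The Route 53 Domains API is served from us-east-1.
    client = boto3.client("route53domains", region_name="us-east-1")
    return client.get_paginator("list_domains").paginate()


if __name__ == "__main__":
    import sys
    pages = live_pages() if "--live" in sys.argv else SAMPLE_PAGES
    for f in find_non_renewing(pages, datetime.now(UTC)):
        print(f"{f['domain']}: auto-renew disabled, days_left={f['days_left']}, urgent={f['urgent']}")
```

Run it with --live to query the account instead of the sample data. The API counterpart of the remediation steps is the boto3 route53domains call enable_domain_auto_renew(DomainName=...).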