Flywheel is a popular WordPress hosting platform that lets users build their own attractive and efficient websites. However, a report by Resecurity states that a sub-domain takeover vulnerability associated with Flywheel has been found.
First, we have to understand what a sub-domain is. A domain name usually consists of a domain and a top-level domain (TLD), for example abc.xyz. Here abc is the domain and xyz is the TLD. Sometimes there is another name to the left of the domain, as in pqr.abc.xyz. Here, pqr is the sub-domain.
Sub-domain takeover is a situation in which an attacker gets access to a sub-domain of a host domain name. It happens when the sub-domain uses a Canonical Name (CNAME) record. A CNAME record maps one domain name to another.
When no virtual host is assigned to the canonical name the record points to, or when a virtual host is removed, it leaves an opening for attackers. They can create their own virtual host there. They can then also start getting access to sensitive host data and information.
To protect yourself from these vulnerabilities, you should check the available DNS records.
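One way to run that DNS record check, as an added example that is not from Resecurity's report or from Flywheel: it audits an exported zone for CNAME records whose external target no longer resolves or is not in your inventory of active hosted sites. The zone contents, the `hosting.example` and `cdn.example` targets, the `active_sites` inventory and the function names are all constructed for illustration, reusing the abc.xyz names from above.

```python
import socket

# Constructed BIND-style export for the page's example domain; not real data.
SAMPLE_ZONE = """\
www.abc.xyz.   300 IN CNAME site1.hosting.example.
pqr.abc.xyz.   300 IN CNAME old-site.hosting.example.  ; site deleted last year
shop.abc.xyz.  300 IN CNAME shop-abc.cdn.example.
blog.abc.xyz.  300 IN CNAME www.abc.xyz.
mail.abc.xyz.  300 IN A     192.0.2.10
"""

def parse_cnames(zone_text):
    """Yield (name, target) for every CNAME record in the export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            yield fields[0].rstrip(".").lower(), fields[4].rstrip(".").lower()

def system_resolves(host):
    """True if the local resolver returns any address for host."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit_cnames(zone_text, own_domain, active_sites, resolves=system_resolves):
    """Return (name, target, reason) for CNAMEs that look dangling.

    active_sites is the inventory of third-party hostnames you still control.
    """
    findings = []
    for name, target in parse_cnames(zone_text):
        if target == own_domain or target.endswith("." + own_domain):
            continue  # alias inside our own zone, nothing external to claim
        if not resolves(target):
            findings.append((name, target, "target does not resolve"))
        elif target not in active_sites:
            findings.append((name, target, "no site of ours behind target"))
    return findings

if __name__ == "__main__":
    # Constructed resolver stub so the demo runs offline.
    stub = lambda host: host != "old-site.hosting.example"
    for finding in audit_cnames(SAMPLE_ZONE, "abc.xyz",
                                {"site1.hosting.example"}, resolves=stub):
        print(*finding, sep="  ")
```

Against a real zone, omit the `resolves` argument so the system resolver is used, and remove or repoint every record the audit reports.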