
Yes, GitHub pages are vulnerable to (sub)domain takeovers too [1], but GitLab has a couple of specific characteristics that make matters worse.

[1]: https://hackerone.com/reports/263902




How so?


Unfortunately, I cannot disclose any further details until GitLab give me permission to do so. All that I can say is that GitLab has certain features for custom domains that GitHub does not have. I plan on publishing a technical write-up once everything has been resolved.


Is this related to the issues recently discovered with the TLS-01-SNI validation method for TLS certs?

Looking over how GitLab handles setting up custom domains[1], it's pretty clear they were affected by that. I thought it was pretty much decided that's more a problem with the Baseline Requirements than with individual service providers like GitLab though. Mozilla even went so far as to forbid CAs from using two of the Baseline Requirement validation methods as a result of that vulnerability[2]. Assuming the CAs comply this shouldn't be an issue anymore, right?

Or were you referring to something else?

[1]: https://docs.gitlab.com//ce/user/project/pages/introduction....

[2]: https://groups.google.com/d/msg/mozilla.dev.security.policy/...


My finding was heavily inspired by Frans' report, but it is not actually related.



