TH17111
Detected presence of files containing URLs that use sign-in paths specific to trusted domains.
| priority | CI/CD status | severity | effort | RL level | RL assessment |
|---|---|---|---|---|---|
 | pass | medium | high | None | None |
About the issueโ
Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. Attackers often try to trick users into visiting a malicious domain. Users are more likely to click the links they deem to be trustworthy. To appear trustworthy, attackers may leverage URL paths that appear similar to sign-in paths of trusted domains. Combined with other URL obfuscation techniques, this approach may mislead the users into visiting an attacker-controlled domain. While presence of trusted sign-in paths in network references does not imply malicious intent, all instances of this issue should be reviewed.
How to resolve the issueโ
- Investigate reported detections.
- If the software should not include these network references, investigate your build and release environment for software supply chain compromise.
- You should delay the software release until the investigation is completed, or until the issue is risk accepted.
- Consider removing all references to flagged network locations.
Recommended readingโ
- Phishing (ReversingLabs glossary)