services / Google Cloud / Cloud domains registration

A registration is a resource representing a domain registration managed by Cloud Domains. It facilitates managing and configuring domain name registrations.

Though the contents of domain registrations are public, this resource carries many highly sensitive permissions for updating and configuring domain registrations.


domains.registrations.configureManagement

Allows updating domain settings, such as renewal settings and whether the domain is locked from being transferred to another registrar. Also allows exporting the domain so that it is no longer managed by Cloud Domains (it is still accessible through Google Domains). Additionally allows retrieving the authorization code for transferring the domain to another registrar. These permissions combined can allow an attacker to gain control over the domain by transferring it to another registrar.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https://cloud.google.com/domains/docs/access-control
  • https://cloud.google.com/domains/docs/reference/rest/v1beta1/projects.locations.registrations
  • https://cloud.google.com/domains/docs/overview
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog