Leaked DNS Query Detection - WPAD Proxy Request

Medium Nessus Network Monitor Plugin ID 7202


An internal proxy discovery request has been leaked to the public realm.


WPAD, or Web Proxy Auto-Discovery is a feature which enables some browsers to determine their web proxy settings automatically. WPAD requests are sent out through DNS and Netbios, relying on a locally configured WPAD server within the same network to provide proxy server information when requested. Through an error in DNS configuration, the remote host has sent a WPAD request to the public realm, potentially allowing for a man-in-the-middle (MiTM) attack to take place. A determined attacker who is able to register a gTLD with the same domain name could theoretically serve up false WPAD information, routing all web traffic through a proxy server of their control, allowing them to eavesdrop the connection.


Disable WPAD requests or ensure firewall settings are configured to drop any outbound 'WPAD' DNS lookups.

See Also



Plugin Details

Severity: Medium

ID: 7202

Version: 1.6

Family: Data Leakage

Published: 2016/05/26

Modified: 2018/09/16

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C