WPAD Security Considerations

What is WPAD? WPAD stands for Windows Proxy Auto-Discovery. It is a protocol to obtain the URL for a PAC file. WPAD uses the following methods in order to discover the PAC file URL: DHCP DNS WINS LLMNR NetBIOS Hosts Lmhosts The PAC file tells the host where to direct network traffic. This is usually used to force traffic through a web proxy. Why is it insecure? When DHCP or DNS is misconfigured or not configured, an attacker can provide the client with a PAC file that directs traffic to a compromised server....

20 March, 2022 · 1 min · 203 words · JD