A subdomain that is reachable from the public Internet was detected on one of the target domain names. Its name suggests it may be a portal to administrative functionality for various enterprise applications.
How is this issue discovered?
Any occurrence of one of the following strings in the domain URL produces a finding of this issue type: "admin", "intranet", "manage", "secret".
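The following Python snippet is an added illustration of the detection rule described above; it is not the product's own scanner code. It assumes the keyword match is a case-insensitive substring check applied to the hostname part of each asset (the subdomain), not to the URL path, and it runs over a small constructed asset list. Running it also shows why the "I cannot reproduce this issue" option exists: a plain substring rule flags names such as `secretsanta-promo` just as readily as `admin`.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Keywords taken from the article's detection rule.
ADMIN_PORTAL_KEYWORDS = ("admin", "intranet", "manage", "secret")

# Constructed sample inventory (not real assets) mixing URLs and bare hostnames.
CONSTRUCTED_ASSETS = [
    "https://admin.example.com/login",
    "intranet.example.com",
    "https://www.example.com/",
    "https://MANAGE.example.com:8443/",
    "secretsanta-promo.example.com",   # substring hit on "secret": likely a false positive
    "https://example.com/admin/",      # keyword only in the path, so no hostname match
]


def hostname_of(target: str) -> str:
    """Return the lower-cased hostname of a URL or bare hostname, without a trailing dot."""
    # urlsplit only recognises the host part when a scheme (or leading "//") is present.
    if "://" not in target:
        target = "//" + target
    host = urlsplit(target).hostname or ""
    return host.lower().rstrip(".")


def find_admin_portal_keywords(target: str) -> list[str]:
    """Return every rule keyword that appears anywhere in the asset's hostname.

    This is a substring match, so "management", "administrator" and
    "secretsanta" all trigger it; that is the behaviour the rule describes,
    and it is what an analyst reviews before choosing a resolution option.
    """
    host = hostname_of(target)
    return [kw for kw in ADMIN_PORTAL_KEYWORDS if kw in host]


def scan_assets(targets: list[str]) -> list[dict]:
    """Produce one finding per asset whose hostname matches the rule."""
    findings = []
    for target in targets:
        matched = find_admin_portal_keywords(target)
        if matched:
            findings.append(
                {"asset": target, "hostname": hostname_of(target), "matched": matched}
            )
    return findings


if __name__ == "__main__":
    for finding in scan_assets(CONSTRUCTED_ASSETS):
        print(f"{finding['hostname']:35} matched {finding['matched']}")
```

Each finding records which keyword fired, so the triage step ("is this actually an admin portal?") can be answered per asset rather than per rule.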
How can this issue be resolved?
The best way to resolve this finding is to remove public access to the admin portal. This can be done by placing the portal behind VPN access or some other accept list managed by your firewall.
- I have fixed this
  Remove public access to the portal (VPN, accept listing, etc.).
- I have a compensating control
  The portal requires multi-factor authentication (MFA).
- This is not my IP or domain
  At the time of detection this asset (IP or domain) was not owned by you.
- I cannot reproduce this issue and I think it’s incorrect
  Choose this option if you feel the domain listed is not an admin portal of any kind.