Summary: The subdomain datacafe-cert.starbucks.com had an CNAME record pointing to an unclaimed Azure webservice. This is a high severity security issue because an attacker can register the subdomain on Azure and therefore can own the subdomain datacafe-cert.starbucks.com.
Description: The dangling CNAME record of datacafe-cert.starbucks.com is pointing to s00397nasv101-datacafe-cert.azurewebsites.net which was not claimed by you. I registered a service with this name and therefore was able to takeover the subdomain. Every attacker doing this has afterwords full control over the contents served on this subdomain.
Platform(s) Affected: http://datacafe-cert.starbucks.com/ https://datacafe-cert.starbucks.com/
The full domain can be taken over. Arbitrary content can be served under it.
I noticed the dangling CNAME record of datacafe-cert.starbucks.com.
1) Remove the dangling CNAME record from datacafe-cert.starbucks.com 2) I release s00397nasv101-datacafe-cert.azurewebsites.net 3) You can reclaim it if you want
This issue can be exploited in several ways, for example but not limited to: XSS, Phishing, Session Hijacking due to bypassing of SOP