bug-gnuzilla
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]


From: Gary
Subject: bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Tue, 13 Jul 2021 16:22:49 -0700


The mailing list server not implementing strict SPF & DKIM is a choice and not necessarily a security risk as dire as you seem to indicate — and may actually cause more problems than it fixes. The server in question is definitely not an open relay. I am a participant on a list, however, and not a sysadmin, so continuing to spam mailing lists on this subject matter instead of tracking down a sysadmin is more annoying than it is helpful.


On Tue, Jul 13, 2021 at 11:46 AM Cyber Zeus <cyberzeus111@gmail.com> wrote:
Hi team
Kindly update me with the bug that I have reported.

-Zeus

On Mon, Jun 28, 2021 at 10:28 PM Cyber Zeus <cyberzeus111@gmail.com> wrote:
Hi Team,
I am an independent security researcher and I have found a bug in your website  
The details of it are as follows:-

Description: This report is about a misconfigured Dmarc/SPF record flag, which can be used for malicious purposes as it allows for fake mailing on behalf of respected organizations.

About the Issue:
As i have seen the DMARC record for 

gnu.org


which is:
DMARC Policy Not Enabled
DMARC Not Found

   
As u can see that you Weak SPF record, a valid record should be like:-

DMARC Policy Enabled
What's the issue:
An SPF/DMARC record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send an email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization.

Attack Scenario: An attacker will send phishing mail or anything malicious mail to the victim via mail: 

bug-gnuzilla@gnu.org



even if the victim is aware of a phishing attack, he will check the origin email which came from your genuine mail id 

bug-gnuzilla@gnu.org



so he will think that it is genuine mail and get trapped by the attacker.
The attack can be done using any PHP mailer tool like this:-

<?php
$to = "VICTIM@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
$headers = "From: 

bug-gnuzilla@gnu.org


";mail($to,$subject,$txt,$headers);
?>

U can also check your Dmarc/ SPF record form: MXTOOLBOX

Reference:
https://support.google.com/a/answer/2466580?hl=en
have a look at the GOOGLE article for a better understanding!

image.png
image.png

reply via email to

[Prev in Thread] Current Thread [Next in Thread]