bug-gnuzilla
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#54714: Vulnerability Report [Misconfigured DMARC Record Flag]


From: Cyber Zeus
Subject: bug#54714: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Tue, 5 Apr 2022 00:31:08 +0500

Hi team
I hope you're having a good day, It's been a while I haven't heard from you. I want to inquire about the bug bounty for reporting the vulnerability.
-Zeus

On Mon, Feb 28, 2022 at 10:34 PM Cyber Zeus <cyberzeus111@gmail.com> wrote:
Hi team,
It's been a while, Kindly update me with the report that I've reported.
-Zeus


On Tue, Dec 14, 2021 at 12:20 AM Cyber Zeus <cyberzeus111@gmail.com> wrote:
Hi team,
Kindly update me with the report that i've reported.
-zeus

On Tue, Jul 13, 2021 at 11:02 AM Cyber Zeus <cyberzeus111@gmail.com> wrote:
Hi team
Kindly update me with the bug that I have reported.
-Zeus

On Mon, Jun 28, 2021 at 10:28 PM Cyber Zeus <cyberzeus111@gmail.com> wrote:
Hi Team,
I am an independent security researcher and I have found a bug in your website  
The details of it are as follows:-

Description: This report is about a misconfigured Dmarc/SPF record flag, which can be used for malicious purposes as it allows for fake mailing on behalf of respected organizations.

About the Issue:
As i have seen the DMARC record for 

gnu.org


which is:
DMARC Policy Not Enabled
DMARC Not Found

   
As u can see that you Weak SPF record, a valid record should be like:-

DMARC Policy Enabled
What's the issue:
An SPF/DMARC record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send an email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization.

Attack Scenario: An attacker will send phishing mail or anything malicious mail to the victim via mail: 

bug-gnuzilla@gnu.org



even if the victim is aware of a phishing attack, he will check the origin email which came from your genuine mail id 

bug-gnuzilla@gnu.org



so he will think that it is genuine mail and get trapped by the attacker.
The attack can be done using any PHP mailer tool like this:-

<?php
$to = "VICTIM@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
$headers = "From: 

bug-gnuzilla@gnu.org


";mail($to,$subject,$txt,$headers);
?>

U can also check your Dmarc/ SPF record form: MXTOOLBOX

Reference:
https://support.google.com/a/answer/2466580?hl=en
have a look at the GOOGLE article for a better understanding!

image.png
image.png

reply via email to

[Prev in Thread] Current Thread [Next in Thread]