From: GNU bug Tracking System
Subject: bug#49260: closed (Vulnerability Report [Misconfigured DMARC Record Flag])
Date: Sat, 17 Jul 2021 06:14:02 +0000
Your message dated Sat, 17 Jul 2021 02:11:51 -0400
with message-id <877dhpsc3h.fsf@netris.org>
and subject line Re: bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]
has caused the debbugs.gnu.org bug report #49260,
regarding Vulnerability Report [Misconfigured DMARC Record Flag]
to be marked as done.

(If you believe you have received this mail in error, please contact help-debbugs@gnu.org.)

-- 
49260: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=49260
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message ---
Subject: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Mon, 28 Jun 2021 22:28:23 +0500

Hi Team,

I am an independent security researcher and I have found a bug in your website.
The details of it are as follows:

Description: This report is about a misconfigured DMARC/SPF record flag, which can be used for malicious purposes as it allows fake mailing on behalf of respected organizations.
About the Issue:
As I have seen the DMARC record for
DMARC Not Found
As you can see, you have a weak SPF record; a valid record should look like:
DMARC Policy Enabled
What's the issue:
An SPF/DMARC record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send an email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization.
Attack Scenario: An attacker will send a phishing mail or any other malicious mail to the victim from the address bug-gnuzilla@gnu.org. Even if the victim is aware of phishing attacks, he will check the origin email, which appears to come from your genuine mail id bug-gnuzilla@gnu.org, so he will think that it is a genuine mail and get trapped by the attacker.
The attack can be done using any PHP mailer tool like this:

<?php
$to = "VICTIM@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
$headers = "From: bug-gnuzilla@gnu.org";
mail($to, $subject, $txt, $headers);
?>
You can also check your DMARC/SPF record from: MXTOOLBOX
Reference:
https://support.google.com/a/answer/2466580?hl=en
Have a look at the Google article for a better understanding!
--- End Message ---
--- Begin Message ---
Subject: Re: bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Sat, 17 Jul 2021 02:11:51 -0400

Ian Kelling <iank@fsf.org> writes:

> We have a dmarc policy. It is called "none". we are not doing anything
> insecure or unusual, for example it is the same one that google uses:
>
> $ host -t txt _dmarc.gmail.com
> _dmarc.gmail.com descriptive text "v=DMARC1; p=none; sp=quarantine;
> rua=mailto:mailauth-reports@google.com"
> $ host -t txt _dmarc.gnu.org
> _dmarc.gnu.org descriptive text "v=DMARC1; p=none;
> rua=mailto:dmarc-rua@fsf.org"
>
> Someone can close this bug.

Agreed. I'm closing this bug now. Thanks, Ian.

      Mark

-- 
Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about <https://stallmansupport.org>.
--- End Message ---
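The two `_dmarc` TXT records quoted in the reply above show what the disagreement in this thread is about: "p=none" is a published DMARC policy, but it only asks receivers to report, not to quarantine or reject. The following is an added example, not code from the thread or from GNU/FSF, that parses a DMARC record into its tags and summarises what a receiver would do with it; the two sample records are copied from the `host` output above, and the handling of a missing `p=` tag follows RFC 7489 section 6.6.3.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

# Sample input: the records quoted in the reply above, unwrapped onto one line each.
SAMPLE_RECORDS = {
    "gmail.com": "v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-reports@google.com",
    "gnu.org": "v=DMARC1; p=none; rua=mailto:dmarc-rua@fsf.org",
}


def parse_dmarc(txt):
    """Split a _dmarc TXT record into lower-cased tag -> value pairs.

    Returns None when the text is not a DMARC record (no leading v=DMARC1
    or a segment without '='), which is how a receiver treats junk TXT data.
    """
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if not txt.strip().lower().startswith("v=") or tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess(domain, txt):
    """Return (policy, subdomain_policy, notes) describing receiver behaviour for `domain`."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ("missing", "missing", ["no valid DMARC record: receivers apply no DMARC policy"])
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        if "rua" not in tags:
            return ("invalid", "invalid", ["no valid p= tag and no rua=: receivers ignore the record"])
        policy = "none"  # RFC 7489 6.6.3: unusable p= with a rua= address is treated as p=none
    sub = tags.get("sp", policy).lower()  # sp= defaults to the organisational policy
    notes = []
    if policy == "none":
        notes.append("p=none is monitoring only: mail failing SPF/DKIM alignment is still delivered")
    notes.append("aggregate reports go to " + tags["rua"] if "rua" in tags
                 else "no rua= address: nobody receives aggregate reports")
    return (policy, sub, notes)


if __name__ == "__main__":
    for name, record in SAMPLE_RECORDS.items():
        print(name, assess(name, record))
```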