GNU bug report logs - #49260
Vulnerability Report [Misconfigured DMARC Record Flag]


Package: gnuzilla;

Reported by: Cyber Zeus <cyberzeus111 <at> gmail.com>

Date: Mon, 28 Jun 2021 17:32:02 UTC

Severity: normal

Merged with 54714

Done: Mark H Weaver <mhw <at> netris.org>

Bug is archived. No further changes may be made.


From: Cyber Zeus <cyberzeus111 <at> gmail.com>
To: 49260 <at> debbugs.gnu.org
Subject: bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Tue, 13 Jul 2021 23:02:39 +0500
[Message part 1 (text/plain, inline)]
Hi team,
Kindly update me on the bug that I have reported.
-Zeus

On Mon, Jun 28, 2021 at 10:28 PM Cyber Zeus <cyberzeus111 <at> gmail.com> wrote:

> Hi Team,
> I am an independent security researcher and I have found a bug in your
> website.
> The details are as follows:
>
> Description: This report is about a misconfigured DMARC/SPF record flag,
> which can be used for malicious purposes, as it allows fake mailing on
> behalf of respected organizations.
>
> About the Issue:
> As I have seen, the DMARC record for
> gnu.org <bug-gnuzilla <at> gnu.org>
>
> which is:
> DMARC Policy Not Enabled
> DMARC Not Found
>
> As you can see, you have a weak SPF record; a valid record should be like:
>
> DMARC Policy Enabled
> What's the issue:
> An SPF/DMARC record is a type of Domain Name Service (DNS) record that
> identifies which mail servers are permitted to send email on behalf of
> your domain. The purpose of an SPF/DMARC record is to prevent spammers from
> sending messages on behalf of your organization.
>
> Attack Scenario: An attacker will send a phishing mail or any malicious
> mail to the victim via mail:
>
> bug-gnuzilla <at> gnu.org
>
>
> Even if the victim is aware of phishing attacks, he will check the origin
> email, which came from your genuine mail id
> bug-gnuzilla <at> gnu.org
>
>
> so he will think that it is a genuine mail and get trapped by the attacker.
> The attack can be done using any PHP mailer tool like this:
>
> <?php
> $to = "VICTIM <at> example.com";
> $subject = "Password Change";
> $txt = "Change your password by visiting here - [VIRUS LINK HERE]";
> $headers = "From: bug-gnuzilla <at> gnu.org";
> mail($to, $subject, $txt, $headers);
> ?>
>
> You can also check your DMARC/SPF record from MXTOOLBOX.
>
> Reference:
> https://support.google.com/a/answer/2466580?hl=en
> have a look at the GOOGLE article for a better understanding!
>
> [image: image.png]
> [image: image.png]
>
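The quoted report labels the domain's state with a checker tool's phrases ("DMARC Not Found", "DMARC Policy Not Enabled") but never shows what those labels mean at the DNS level. The example below, added here and not part of the original report or of any GNU project code, parses DMARC and SPF TXT record strings and maps them to the same three DMARC states, plus a strictness rating for the SPF `all` mechanism. All record strings are constructed for illustration (they are not gnu.org's real records) and no DNS lookup is performed; in practice you would fetch the TXT record at `_dmarc.<domain>` and at `<domain>` and feed the strings to these functions.

```python
"""Classify DMARC and SPF TXT records into the states a domain checker reports.

Record strings used in the demo are CONSTRUCTED examples, not real DNS data.
"""
import re


def parse_dmarc(txt):
    """Parse "v=DMARC1; p=reject; rua=mailto:..." into a tag dict.

    Returns None when the string is missing or is not a DMARC record
    (the first tag must be v=DMARC1 per RFC 7489).
    """
    if txt is None:
        return None
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def classify_dmarc(txt):
    """Map a _dmarc.<domain> TXT record to one of the report's three labels.

    Only p=quarantine or p=reject actually instruct receivers to act on
    spoofed mail; p=none (monitor only) is what checkers call "not enabled".
    """
    tags = parse_dmarc(txt)
    if tags is None:
        return "DMARC Not Found"
    if tags.get("p", "").lower() in ("quarantine", "reject"):
        return "DMARC Policy Enabled"
    return "DMARC Policy Not Enabled"  # p=none, or p tag missing/invalid


def classify_spf(txt):
    """Rate an SPF record by how its 'all' mechanism treats unlisted senders.

    -all (fail) is strict; ~all (softfail), ?all (neutral) and +all (pass)
    leave spoofed mail deliverable unless DMARC enforces a policy on top.
    """
    if txt is None or not txt.lower().startswith("v=spf1"):
        return "SPF Not Found"
    for term in txt.split()[1:]:
        match = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if match:
            qualifier = match.group(1) or "+"  # a bare "all" means "+all"
            return {
                "-": "SPF strict (-all)",
                "~": "SPF softfail (~all): weak",
                "?": "SPF neutral (?all): weak",
                "+": "SPF pass-all (+all): weak",
            }[qualifier]
    # No 'all' term: unlisted senders evaluate to neutral. A redirect=
    # modifier would defer to another domain's record; not followed here.
    return "SPF has no 'all' mechanism: weak"


def assess(dmarc_txt, spf_txt):
    """Combine both checks; spoofing is blocked only with an enforcing DMARC
    policy, since SPF alone does not protect the visible From: header."""
    dmarc_state = classify_dmarc(dmarc_txt)
    spf_state = classify_spf(spf_txt)
    protected = dmarc_state == "DMARC Policy Enabled"
    return {"dmarc": dmarc_state, "spf": spf_state, "from_spoofing_blocked": protected}


if __name__ == "__main__":
    # Constructed records showing the weak configuration beside the fixed one.
    weak = assess(None, "v=spf1 include:_spf.example.org ~all")
    fixed = assess("v=DMARC1; p=reject; rua=mailto:dmarc@example.org",
                   "v=spf1 include:_spf.example.org -all")
    for label, result in (("weak", weak), ("fixed", fixed)):
        print(label, result)
```

The distinction the report's tool output blurs is between a DMARC record that is absent and one that exists with `p=none`: both leave header-From spoofing deliverable, which is why `assess()` only reports the domain as protected when the policy is `quarantine` or `reject`.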

This bug report was last modified 3 years and 46 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.