GNU bug report logs - #49260
Vulnerability Report [Misconfigured DMARC Record Flag]

Previous Next

Full log

Message #14 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Gary <gdriggs <at> gmail.com>
To: Cyber Zeus <cyberzeus111 <at> gmail.com>
Cc: 49260 <at> debbugs.gnu.org, bug-gnuzilla <bug-gnuzilla <at> gnu.org>
Subject: Re: bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Tue, 13 Jul 2021 16:22:49 -0700

[Message part 1 (text/plain, inline)]

The mailing list server not implementing strict SPF & DKIM is a choice and
not necessarily a security risk as dire as you seem to indicate — and may
actually cause more problems than it fixes. The server in question is
definitely not an open relay. I am a participant on a list, however, and
not a sysadmin, so continuing to spam mailing lists on this subject matter
instead of tracking down a sysadmin is more annoying than it is helpful.


On Tue, Jul 13, 2021 at 11:46 AM Cyber Zeus <cyberzeus111 <at> gmail.com> wrote:

> Hi team
> Kindly update me with the bug that I have reported.
>
> -Zeus
>
> On Mon, Jun 28, 2021 at 10:28 PM Cyber Zeus <cyberzeus111 <at> gmail.com>
> wrote:
>
>> Hi Team,
>> I am an independent security researcher and I have found a bug in your
>> website
>> The details of it are as follows:-
>>
>> Description: This report is about a misconfigured Dmarc/SPF record flag,
>> which can be used for malicious purposes as it allows for fake mailing on
>> behalf of respected organizations.
>>
>> About the Issue:
>> As i have seen the DMARC record for
>> gnu.org <bug-gnuzilla <at> gnu.org>
>>
>> which is:
>> DMARC Policy Not Enabled
>> DMARC Not Found
>>
>> As u can see that you Weak SPF record, a valid record should be like:-
>>
>> DMARC Policy Enabled
>> What's the issue:
>> An SPF/DMARC record is a type of Domain Name Service (DNS) record that
>> identifies which mail servers are permitted to send an email on behalf of
>> your domain. The purpose of an SPF/DMARC record is to prevent spammers from
>> sending messages on the behalf of your organization.
>>
>> Attack Scenario: An attacker will send phishing mail or anything
>> malicious mail to the victim via mail:
>>
>> bug-gnuzilla <at> gnu.org
>>
>>
>> even if the victim is aware of a phishing attack, he will check the
>> origin email which came from your genuine mail id
>> bug-gnuzilla <at> gnu.org
>>
>>
>> so he will think that it is genuine mail and get trapped by the attacker.
>> The attack can be done using any PHP mailer tool like this:-
>>
>> <?php
>> $to = "VICTIM <at> example.com";
>> $subject = "Password Change";
>> $txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
>> $headers = "From:
>>
>> bug-gnuzilla <at> gnu.org
>>
>> ";mail($to,$subject,$txt,$headers);
>> ?>
>>
>> U can also check your Dmarc/ SPF record form: MXTOOLBOX
>>
>> Reference:
>> https://support.google.com/a/answer/2466580?hl=en
>> have a look at the GOOGLE article for a better understanding!
>>
>> [image: image.png]
>> [image: image.png]
>>
>

[Message part 2 (text/html, inline)]

[image.png (image/png, inline)]

[image.png (image/png, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.