GNU bug report logs - #49260
Vulnerability Report [Misconfigured DMARC Record Flag]


Package: gnuzilla;

Reported by: Cyber Zeus <cyberzeus111 <at> gmail.com>

Date: Mon, 28 Jun 2021 17:32:02 UTC

Severity: normal

Merged with 54714

Done: Mark H Weaver <mhw <at> netris.org>

Bug is archived. No further changes may be made.




From: jahoti <jahoti <at> envs.net>
To: Cyber Zeus <cyberzeus111 <at> gmail.com>
Cc: 49260 <at> debbugs.gnu.org
Subject: bug#49260: Vulnerability Report [Misconfigured DMARC Record Flag]
Date: Tue, 13 Jul 2021 22:11:00 +0000
Hi,

I'm not part of the "team" in any real sense. However, as was noted by 
Bill <bill-auger <at> peers.community> in response to your previous e-mail, 
this is a public mailing list for a project with no direct connection to 
the group administering the e-mail server (the FSF, contact details at 
<https://www.fsf.org/about/contact/email>).

I've forwarded your concerns to people who can do something (CCing you 
in) just in case nobody else has; if you wish to follow up in future, 
the appropriate e-mail address is <sysadmin <at> gnu.org>.

On 7/13/21 6:02 PM, Cyber Zeus wrote:
> Hi team,
> Kindly update me on the bug that I have reported.
> -Zeus
> 
> On Mon, Jun 28, 2021 at 10:28 PM Cyber Zeus <cyberzeus111 <at> gmail.com> wrote:
> 
>> Hi Team,
>> I am an independent security researcher and I have found a bug in your
>> website.
>> The details of it are as follows:
>>
>> Description: This report is about a misconfigured DMARC/SPF record flag,
>> which can be used for malicious purposes as it allows for fake mailing on
>> behalf of respected organizations.
>>
>> About the Issue:
>> As I have seen, the DMARC record for
>> gnu.org <bug-gnuzilla <at> gnu.org>
>>
>> which is:
>> DMARC Policy Not Enabled
>> DMARC Not Found
>>
>> As you can see, you have a weak SPF record; a valid record should look like:
>>
>> DMARC Policy Enabled
>> What's the issue:
>> An SPF/DMARC record is a type of Domain Name Service (DNS) record that
>> identifies which mail servers are permitted to send an email on behalf of
>> your domain. The purpose of an SPF/DMARC record is to prevent spammers from
>> sending messages on the behalf of your organization.
>>
>> Attack Scenario: An attacker will send phishing mail or any other malicious
>> mail to the victim via the address:
>>
>> bug-gnuzilla <at> gnu.org
>>
>>
>> Even if the victim is aware of phishing attacks, he will check the origin
>> email, which appears to come from your genuine mail id
>> bug-gnuzilla <at> gnu.org
>>
>>
>> so he will think that it is genuine mail and get trapped by the attacker.
>> The attack can be done using any PHP mailer tool like this:
>>
>> <?php
>> // Forged sender: the From: header is set to the target organisation's address.
>> $to = "VICTIM <at> example.com";
>> $subject = "Password Change";
>> $txt = "Change your password by visiting here - [VIRUS LINK HERE]";
>> $headers = "From: bug-gnuzilla <at> gnu.org";
>> mail($to, $subject, $txt, $headers);
>> ?>
>>
>> You can also check your DMARC/SPF record from: MXTOOLBOX
>>
>> Reference:
>> https://support.google.com/a/answer/2466580?hl=en
>> have a look at the GOOGLE article for a better understanding!
>>
>>
> 

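The SPF/DMARC check the reporter describes in the quoted message, as an added example that is not part of the bug report, of the gnuzilla project, or of the FSF's mail setup: a small Python evaluator run over constructed TXT records (SAMPLE_TXT, not real gnu.org DNS data) that shows why an absent DMARC record leaves a forged From: header to the receiver's discretion, while p=reject together with -all gets the same message rejected. Only ip4/ip6 mechanisms and the all qualifier are evaluated; include:, a and mx need live DNS lookups and are skipped, and no DKIM signature is assumed, which matches what the PHP mail() one-liner produces.

```python
import ipaddress

# Constructed DNS TXT data for the demonstration. These are NOT real gnu.org
# records: "weak.example" models the reporter's finding (no _dmarc record,
# SPF ending in ~all) and "strict.example" models an enforcing configuration.
SAMPLE_TXT = {
    "weak.example": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    "_dmarc.weak.example": [],  # the reporter's "DMARC Not Found"
    "strict.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "_dmarc.strict.example": [
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@strict.example; adkim=s; aspf=s"
    ],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_dmarc(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict.

    Returns an empty dict if the string is not a DMARC1 record.
    """
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else {}


def dmarc_policy(txt_records):
    """Effective DMARC policy for the TXT strings found at _dmarc.<domain>.

    A missing record is reported as 'none': for a receiver it has the same
    effect as p=none, i.e. nothing is enforced when the checks fail.
    """
    for record in txt_records:
        tags = parse_dmarc(record)
        if tags:
            return tags.get("p", "none").lower()
    return "none"


def spf_check(txt_records, sender_ip):
    """Minimal SPF evaluation: ip4/ip6 mechanisms and the 'all' qualifier.

    Mechanisms that need further DNS lookups (a, mx, include, ...) are
    skipped, so this illustrates the qualifier logic rather than being a
    complete RFC 7208 evaluator. Returns pass/fail/softfail/neutral/none.
    """
    ip = ipaddress.ip_address(sender_ip)
    for record in txt_records:
        terms = record.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue
        for term in terms[1:]:
            qualifier = "+"
            if term[0] in QUALIFIERS:
                qualifier, term = term[0], term[1:]
            name, _, arg = term.partition(":")
            name = name.lower()
            if name in ("ip4", "ip6"):
                try:
                    net = ipaddress.ip_network(arg, strict=False)
                except ValueError:
                    continue  # malformed mechanism, ignored in this toy
                if ip.version == net.version and ip in net:
                    return QUALIFIERS[qualifier]
            elif name == "all":
                return QUALIFIERS[qualifier]
        return "neutral"  # record present, nothing matched
    return "none"  # no SPF record at all


def spoof_outcome(from_domain, sender_ip, txt=SAMPLE_TXT):
    """What a DMARC-aware receiver does with a message whose From: domain is
    from_domain but which arrives from sender_ip.

    SPF is evaluated against from_domain's own record, so a pass is aligned
    by construction. No DKIM signature is assumed (the PHP mail() one-liner
    adds none), so the DMARC verdict rests on SPF alone.
    """
    spf = spf_check(txt.get(from_domain, []), sender_ip)
    policy = dmarc_policy(txt.get("_dmarc." + from_domain, []))
    if spf == "pass":
        return "accepted: sender IP is authorised by SPF"
    if policy == "reject":
        return "rejected: DMARC p=reject"
    if policy == "quarantine":
        return "quarantined: DMARC p=quarantine"
    return "receiver's discretion: SPF %s, no enforcing DMARC policy" % spf


if __name__ == "__main__":
    attacker_ip = "203.0.113.5"  # constructed address outside both SPF ranges
    for domain in ("weak.example", "strict.example"):
        print(domain, "->", spoof_outcome(domain, attacker_ip))
```

Against the constructed data the weak domain yields "receiver's discretion: SPF softfail, no enforcing DMARC policy", which is the gap the report points at: ~all plus no _dmarc record means nothing instructs the receiver to refuse the forged mail. The strict domain returns "rejected: DMARC p=reject" for the same sender IP and "accepted" only from inside the published ip4 range.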

This bug report was last modified 3 years and 46 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.