GNU bug report logs - #49260: Vulnerability Report [Misconfigured DMARC Record Flag]
Message #5 received at submit <at> debbugs.gnu.org:
Hi Team,
I am an independent security researcher and I have found a bug in your website.
The details are as follows:
Description: This report is about a misconfigured DMARC/SPF record flag,
which can be used for malicious purposes as it allows fake mailing on
behalf of respected organizations.
About the Issue:
As I have seen, the DMARC record for
gnu.org <bug-gnuzilla <at> gnu.org>
is:
DMARC Policy Not Enabled
DMARC Not Found
As you can see, you have a weak SPF record; a valid record should look like:
DMARC Policy Enabled
What's the issue:
An SPF/DMARC record is a type of Domain Name Service (DNS) record that
identifies which mail servers are permitted to send an email on behalf of
your domain. The purpose of an SPF/DMARC record is to prevent spammers from
sending messages on the behalf of your organization.
Attack Scenario: An attacker will send a phishing mail or any other malicious
mail to the victim from the address
bug-gnuzilla <at> gnu.org
Even if the victim is aware of phishing attacks, he will check the origin
email, which came from your genuine mail id
bug-gnuzilla <at> gnu.org
so he will think that it is a genuine mail and get trapped by the attacker.
The attack can be done using any PHP mailer tool like this:
<?php
// Forged From: header; nothing in this script proves the sender owns gnu.org.
$to = "VICTIM <at> example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
$headers = "From: bug-gnuzilla <at> gnu.org";
mail($to, $subject, $txt, $headers);
?>
You can also check your DMARC/SPF record from MXTOOLBOX.
Reference:
https://support.google.com/a/answer/2466580?hl=en
Have a look at the Google article for a better understanding!
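Added example, not part of the report above and not gnu.org's own configuration or code: a small offline model in Python of how a DMARC-aware receiver decides what to do with the forged message the report describes. It parses a _dmarc TXT record and an SPF record, evaluates the connecting IP against the SPF ip4/ip6 mechanisms (include:, a, mx, ptr and exists need live DNS and are skipped here), and applies the published p= policy. Every record, domain and IP address in it (SAMPLE_SPF, SAMPLE_DMARC_NONE, SAMPLE_DMARC_REJECT, ATTACKER_IP) is constructed for illustration and is an assumption, not real gnu.org DNS data.

```python
"""Offline model of SPF + DMARC evaluation for a message with a forged From:.
Example code written for this page; the records and addresses below are
constructed for illustration and are not gnu.org's real DNS data."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample records (assumptions, not real gnu.org records).
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip4:203.0.113.5 -all"
SAMPLE_DMARC_NONE = ""          # models "DMARC Not Found": no _dmarc TXT record
SAMPLE_DMARC_REJECT = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.org"
ATTACKER_IP = "198.51.100.7"    # constructed: a host not listed in SAMPLE_SPF


@dataclass
class DmarcPolicy:
    policy: str            # p=  : none | quarantine | reject
    subdomain_policy: str  # sp= : defaults to p=
    pct: int               # pct=: percentage of failing mail the policy applies to


def parse_dmarc(txt: str) -> Optional[DmarcPolicy]:
    """Parse a _dmarc TXT record (RFC 7489 'tag=value;' list).
    Returns None for a missing or malformed record, i.e. no policy published."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return None
    policy = tags["p"].lower()
    return DmarcPolicy(policy=policy,
                       subdomain_policy=tags.get("sp", policy).lower(),
                       pct=int(tags.get("pct", "100")))


def check_spf(record: str, sender_ip: str) -> str:
    """Evaluate an SPF record against the connecting IP.
    Only ip4/ip6 mechanisms and 'all' are evaluated; include:, a, mx, ptr and
    exists need live DNS and are skipped, so this approximates RFC 7208."""
    ip = ipaddress.ip_address(sender_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # no usable SPF record
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in terms[1:]:
        qualifier = "+"                     # RFC 7208 default qualifier
        if term[0] in qualifiers:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech in ("ip4", "ip6") and arg:
            # 'in' is False when address and network are different IP versions
            if ip in ipaddress.ip_network(arg, strict=False):
                return qualifiers[qualifier]
        elif mech == "all":
            return qualifiers[qualifier]
    return "neutral"                        # nothing matched and no 'all' term


def dmarc_disposition(dmarc: Optional[DmarcPolicy], spf_result: str,
                      spf_aligned: bool, dkim_pass_aligned: bool) -> str:
    """What a DMARC-aware receiver does with the message: DMARC passes when
    SPF passes for an aligned domain or an aligned DKIM signature verifies;
    otherwise the From: domain's published p= decides."""
    if (spf_result == "pass" and spf_aligned) or dkim_pass_aligned:
        return "deliver"
    if dmarc is None:
        return "deliver"                    # nothing published: forgery gets through
    return {"quarantine": "quarantine", "reject": "reject"}.get(dmarc.policy, "deliver")


def forged_mail_outcome(dmarc_txt: str, spf_txt: str, sender_ip: str) -> str:
    """The report's scenario: an attacker host sends From: <user>@<domain>.
    SPF is checked against the From: domain's record (so a pass is aligned);
    the attacker has no DKIM key for the domain, so DKIM cannot pass."""
    spf = check_spf(spf_txt, sender_ip)
    return dmarc_disposition(parse_dmarc(dmarc_txt), spf,
                             spf_aligned=(spf == "pass"), dkim_pass_aligned=False)


if __name__ == "__main__":
    print("no DMARC record :", forged_mail_outcome(SAMPLE_DMARC_NONE, SAMPLE_SPF, ATTACKER_IP))
    print("p=reject        :", forged_mail_outcome(SAMPLE_DMARC_REJECT, SAMPLE_SPF, ATTACKER_IP))
```

Run as a script it prints the two cases side by side: with no _dmarc record the forged message is delivered even though SPF evaluates to fail for the attacker's IP, because SPF alone only advises and DMARC is what tells the receiver to act on that result; with p=reject the same message is rejected. Note that a real check_host() also follows include:, a and mx, so this model will say "neutral" for records that rely on those mechanisms.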
This bug report was last modified 3 years and 46 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.