GNU bug report logs -
#54714
Vulnerability Report [Misconfigured DMARC Record Flag]
Previous Next
Full log
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi team
I hope you're having a good day, It's been a while I haven't heard from
you. I want to inquire about the bug bounty for reporting the vulnerability.
-Zeus
On Mon, Feb 28, 2022 at 10:34 PM Cyber Zeus <cyberzeus111 <at> gmail.com> wrote:
> Hi team,
> It's been a while, Kindly update me with the report that I've reported.
> -Zeus
>
>
> On Tue, Dec 14, 2021 at 12:20 AM Cyber Zeus <cyberzeus111 <at> gmail.com>
> wrote:
>
>> Hi team,
>> Kindly update me with the report that i've reported.
>> -zeus
>>
>> On Tue, Jul 13, 2021 at 11:02 AM Cyber Zeus <cyberzeus111 <at> gmail.com>
>> wrote:
>>
>>> Hi team
>>> Kindly update me with the bug that I have reported.
>>> -Zeus
>>>
>>> On Mon, Jun 28, 2021 at 10:28 PM Cyber Zeus <cyberzeus111 <at> gmail.com>
>>> wrote:
>>>
>>>> Hi Team,
>>>> I am an independent security researcher and I have found a bug in your
>>>> website
>>>> The details of it are as follows:-
>>>>
>>>> Description: This report is about a misconfigured Dmarc/SPF record
>>>> flag, which can be used for malicious purposes as it allows for fake
>>>> mailing on behalf of respected organizations.
>>>>
>>>> About the Issue:
>>>> As i have seen the DMARC record for
>>>> gnu.org <bug-gnuzilla <at> gnu.org>
>>>>
>>>> which is:
>>>> DMARC Policy Not Enabled
>>>> DMARC Not Found
>>>>
>>>> As u can see that you Weak SPF record, a valid record should be like:-
>>>>
>>>> DMARC Policy Enabled
>>>> What's the issue:
>>>> An SPF/DMARC record is a type of Domain Name Service (DNS) record that
>>>> identifies which mail servers are permitted to send an email on behalf of
>>>> your domain. The purpose of an SPF/DMARC record is to prevent spammers from
>>>> sending messages on the behalf of your organization.
>>>>
>>>> Attack Scenario: An attacker will send phishing mail or anything
>>>> malicious mail to the victim via mail:
>>>>
>>>> bug-gnuzilla <at> gnu.org
>>>>
>>>>
>>>> even if the victim is aware of a phishing attack, he will check the
>>>> origin email which came from your genuine mail id
>>>> bug-gnuzilla <at> gnu.org
>>>>
>>>>
>>>> so he will think that it is genuine mail and get trapped by the
>>>> attacker.
>>>> The attack can be done using any PHP mailer tool like this:-
>>>>
>>>> <?php
>>>> $to = "VICTIM <at> example.com";
>>>> $subject = "Password Change";
>>>> $txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
>>>> $headers = "From:
>>>>
>>>> bug-gnuzilla <at> gnu.org
>>>>
>>>> ";mail($to,$subject,$txt,$headers);
>>>> ?>
>>>>
>>>> U can also check your Dmarc/ SPF record form: MXTOOLBOX
>>>>
>>>> Reference:
>>>> https://support.google.com/a/answer/2466580?hl=en
>>>> have a look at the GOOGLE article for a better understanding!
>>>>
>>>> [image: image.png]
>>>> [image: image.png]
>>>>
>>>
[Message part 2 (text/html, inline)]
[image.png (image/png, inline)]
[image.png (image/png, inline)]
This bug report was last modified 3 years and 42 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.