
Vulnerability Report - Email Spoofing #599

Open
Mantisseclabs opened this issue Feb 8, 2021 · 1 comment
@Mantisseclabs

Mantisseclabs commented Feb 8, 2021

Summary:

I just checked for DMARC records and a DMARC policy for the mybit.io domain and there are none.
I also checked for SPF records and there are none. (pics attached)

This effectively allows spam to originate from that domain.

You can validate by testing yourself over here: mxtoolbox.com

Severity: Medium

Steps to Reproduce:

This can be done using any PHP mailer tool like this.

Impact:

This is useful in phishing, and this type of vulnerability is newsworthy:

1- http://bits.blogs.nytimes.com/2015/04/09/sendgrid-email-breach-was-used-to-attack-coinbase-a-bitcoin-exchange/

2- https://medium.com/@hotbit/official-statement-notices-of-counterfeit-email-listing-hotbit-io-d1d240005d35

Due to this vulnerability, any hacker can send a forged email to your customers using your domain, thus getting sensitive information from your customers like login details and personal information, forcing the download of a virus/malware, etc.
Also, when an attacker sends an email to your customers asking them to change their password, to get airdrops of your coin/token, or even to buy your product at a discount, the customer, after seeing the mail, might consider the mail legit and fall for the trap.
In doing this the attacker can take them to his website where certain JavaScript is executed which steals the customer's session id and password.
The results can be more dangerous and impactful.

Fix:

You can find the SPF fix over here: https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability

For the DMARC record: https://easydmarc.com/blog/how-to-fix-no-dmarc-record-found/

and the DMARC policy here: https://support.rackspace.com/how-to/create-a-dmarc-policy/

[Attached screenshots: mybit io2, mybit io1, mybit io3]
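A defender-side check for the two gaps this report describes (no SPF record, and no DMARC record or policy), written as an added example that is not part of the issue or of the project. It evaluates constructed TXT records held in a dictionary instead of querying DNS, so the domain names and records below are made up; swapping the dictionary for a real resolver lookup is the only change needed to run it against a live domain.

```python
import re
from typing import Dict, List

# Constructed sample TXT records for three hypothetical domains; not real DNS data.
# Keys are the names a resolver would query: the domain itself (SPF) and _dmarc.<domain>.
SAMPLE_TXT: Dict[str, List[str]] = {
    "nopolicy.test": [],
    "_dmarc.nopolicy.test": [],
    "weak.test": ["v=spf1 include:_spf.mailhost.test ~all"],
    "_dmarc.weak.test": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.test"],
    "strong.test": ["v=spf1 include:_spf.mailhost.test -all"],
    "_dmarc.strong.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@strong.test"],
}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'v=DMARC1; p=none; rua=...' into a lower-cased tag -> value map."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_domain(domain: str, txt: Dict[str, List[str]] = SAMPLE_TXT) -> List[str]:
    """Return the spoofing-related weaknesses found in a domain's SPF and DMARC records."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf:
        findings.append("no SPF record")
    elif len(spf) > 1:
        findings.append("multiple SPF records (permerror; receivers ignore SPF)")
    else:
        # The trailing 'all' mechanism decides what happens to senders not listed:
        # '-all' fails them, '~all' softfails, '+all'/'?all'/no 'all' lets everything through.
        match = re.search(r"(?:^|\s)([+~?-]?)all(?:\s|$)", spf[0].lower())
        qualifier = match.group(1) if match else None
        if qualifier is None or qualifier in ("", "+", "?"):
            findings.append("SPF does not fail unlisted senders (no -all/~all)")
        elif qualifier == "~":
            findings.append("SPF uses ~all (softfail): spoofed mail is flagged, not rejected")
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.upper().startswith("V=DMARC1")]
    if not dmarc:
        findings.append("no DMARC record")
    else:
        policy = parse_dmarc(dmarc[0]).get("p", "")
        if policy not in ("quarantine", "reject"):
            findings.append(f"DMARC p={policy or 'missing'}: spoofed mail is still delivered")
    return findings
```

`assess_domain("nopolicy.test")` reproduces the state the report describes (both records missing), while `weak.test` shows the intermediate case where records exist but neither SPF `~all` nor DMARC `p=none` actually blocks a forged sender.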

@Phoenix202020

Any updates on this @rd123myb?
