Closed
Bug 1366039
Opened 8 years ago
Closed 8 years ago
smtp.mozilla.org allows to send mails
Categories
(Websites :: Other, defect)
Websites
Other
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1285023
People
(Reporter: vladimirmetnew, Unassigned)
References
()
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])
Repro:
Login to smtp.mozilla.org with telnet/nc to 25 port
nc smtp.mozilla.org 25
HELO smtp.mozilla.org
MAIL FROM: <support@smtp.mozilla.org>
RCPT TO: <root@smtp.mozilla.org> # OR <support@smtp.mozilla.org>
// Your message here.
Email will be queued. # 250 2.0.0 Ok: queued as B1C4DBFFF7
because of no auth, unauthenticated user can send emails from smtp.mozilla.org - (503 5.5.1 Error: authentication not enabled)
Flags: sec-bounty?
|
Reporter | |
Comment 1•8 years ago
|
||
Maybe, it's important to note: Attacker allowed to send mails inside the mozilla network. Maybe, there is a workaround for sending mails to other external users, but currently I can't find it.
|
|
Reporter | |
Comment 2•8 years ago
|
||
Another open smtp exists at smtp.scl3.mozilla.org
|
||
Comment 3•8 years ago
|
||
mozilla.org is a newsgroup service and is configured this way intentionally.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
|
|
Reporter | |
Comment 4•8 years ago
|
||
and bugzilla-cps1.community.scl3.mozilla.com too?
|
|
||
Updated•8 years ago
|
Flags: sec-bounty? → sec-bounty-
|
||
Updated•4 years ago
|
Group: websites-security
|
||
Updated•9 months ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•