Closed
Bug 1394138
Opened 7 years ago
Closed 7 years ago
DMARC Missing in core Domain "mozilla.org" and SPF record is easily bypassed for incoming email that comes from mozilla.org
Categories
(Infrastructure & Operations :: Infrastructure: Mail, task, P1)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1285023
People
(Reporter: zapphack, Unassigned)
Details
(Keywords: reporter-external)
Attachments
(1 file)
1.67 MB, video/mp4
Hello
The DMARC record is missing and any email coming from "@mozilla.org" is spoofable. I can also bypass the SPF record. An attacker can easily impersonate Mozilla and Bugzilla employees and support emails with the help of this trick.
I am sending proof of concept video.
Have a look
Regards
Zahid Ali
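
Added example (not part of the original report and not Mozilla's own tooling): a defender-side audit for the condition the report describes, a domain with no DMARC record and an SPF record that does not end in a hard fail. The domains and TXT records are constructed sample data, no DNS is queried, and only the domain's own `_dmarc` record is inspected.

```python
# Added example: audit SPF and DMARC TXT records for a domain.
# All domains and records below are constructed sample data; no DNS is queried.

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict with lower-cased keys."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(domain, txt):
    """Return findings for `domain`; `txt` maps a DNS name to its TXT strings."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append("spf-missing")
    elif len(spf) > 1:
        findings.append("spf-multiple-records")  # receivers treat this as permerror
    else:
        terms = spf[0].lower().split()[1:]
        all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
        if all_terms and not all_terms[0].startswith("-"):
            findings.append("spf-all-not-hardfail")  # ~all, ?all, +all or bare all
        elif not all_terms and not any(t.startswith("redirect=") for t in terms):
            findings.append("spf-no-all")  # unmatched senders get a neutral result
    # DMARC lives at _dmarc.<domain>; the version tag must match exactly.
    dmarc = [r for r in txt.get("_dmarc." + domain, []) if r.startswith("v=DMARC1")]
    if not dmarc:
        findings.append("dmarc-missing")  # no policy ties the From: header to SPF/DKIM
    elif parse_tags(dmarc[0]).get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("dmarc-not-enforcing")  # p=none asks receivers to take no action
    return findings

SAMPLE_TXT = {
    "example.org": ["v=spf1 include:_spf.example.net ~all"],
    "example.com": ["unrelated-verification=abc", "v=spf1 mx -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "example.net": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_dmarc.example.net": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for name in ("example.org", "example.com", "example.net"):
        print(name, audit(name, SAMPLE_TXT) or "ok")
```
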
Comment 1•7 years ago
dupe of bug 1339102 ?
Assignee: nobody → infra
Group: core-security → infra
Component: Web Services → Infrastructure: Mail
Flags: needinfo?(april)
Product: Core → Infrastructure & Operations
QA Contact: limed
Updated•7 years ago
Severity: critical → enhancement
I am not able to see bug 1339102. I am getting error "ACCESS DENIED"
Comment 3•7 years ago
It is the bug we have about adding SPF and DMARC entries (or not) to Mozilla sites. This bug is a duplicate of it.
Updated•7 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Flags: needinfo?(april) → sec-bounty-
Resolution: --- → DUPLICATE
Comment 5•7 years ago
Bug 1339102 is our internal-only tracking bug; I added you to bug 1285023, which is our bug for mozilla.org. This is a long and complicated project, but we've been aware of this for some time.
Updated•4 years ago
Group: infra
Updated•9 months ago
Keywords: reporter-external