Closed
Bug 1732892
Opened 3 years ago
Closed 3 years ago
Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain (mozilla.org)
Categories
(Websites :: Other, task)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1285023
People
(Reporter: hackingkid2001, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])
Title: Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain
Vulnerable URL: mozilla.org
Severity: P4
Hello Team,
I have found a security vulnerability in your site: email spoofing to inbox due to missing or misconfigured DMARC on the email domain.
Steps to reproduce:
- Go to the following URL https://mxtoolbox.com/ and enter your domain, mozilla.org
- You could see "DMARC Policy Not Enabled"
- So, with this, we can spoof emails from your organization's domain
- Now go to the following URL https://emkei.cz/
- In the 'From' mail address, give your organization email, e.g. ben@mozilla.org
- In 'To', give your email ID and click send
- If you check the mail, we could see the message from Ben
Impact:
Spammers can forge the "From" address on email messages to make messages appear to come from someone in your domain. If spammers use your domain to send spam or junk email, your domain quality is negatively affected. People who get the forged emails can mark them as spam or junk, which can impact authentic messages sent from your domain.
POC: Photo attached
Flags: sec-bounty?
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: --- → DUPLICATE
Updated • 10 months ago
Group: websites-security
Updated • 9 months ago
Keywords: reporter-external
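An added example, not part of the bug report or of Mozilla's tooling: a check a domain owner could run over the TXT records published at _dmarc.<domain> to tell a missing record from a monitor-only or an enforced policy, the distinction behind the "DMARC Policy Not Enabled" result in the steps above. The domains and records are constructed samples, and fetching the TXT records is left out so the block runs offline.

```python
import re

# Constructed sample TXT record sets, as returned for _dmarc.<domain>.
SAMPLES = {
    "no-record.example": [],
    "monitor-only.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor-only.example"],
    "partial.example": ["v=DMARC1; p=quarantine; pct=25"],
    "enforced.example": ["v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s"],
    "duplicate.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "broken.example": ["v=DMARC1; policy=reject"],
}

def parse_dmarc(record):
    """Split a TXT record into a tag dict; return None if it is not a DMARC record."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    # The version tag must come first and is case-sensitive (RFC 7489).
    if not parts or not re.fullmatch(r"v\s*=\s*DMARC1", parts[0]):
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def assess(txt_records):
    """Classify a domain's DMARC posture from its _dmarc TXT records."""
    parsed = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not parsed:
        return "missing"
    if len(parsed) > 1:
        # Receivers do not apply DMARC when several records are published.
        return "invalid: multiple records"
    tags = parsed[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid: no usable p= tag"
    if policy == "none":
        return "monitor only"  # reports are sent, failing mail is still delivered
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        return f"partial {policy}"  # policy applies to only a share of failing mail
    return f"enforced {policy}"

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(f"{domain:22} {assess(records)}")
```

Only the "enforced" results tell receivers to quarantine or reject all mail that fails DMARC alignment; the other outcomes leave that decision to the receiver.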