Hi There any update ? Thanks On Fri, 20 Mar 2020, 1:24 a.m. viper king, <kanakhanpago...@gmail.com> wrote:
> > > Hi, > Severity : High. > Introduction: > There is a email spoofing vulnerability.Email spoofing is the forgery of > an email header so that the message appears to have originated from someone > or somewhere other than the actual source. Email spoofing is a tactic used > in phishing and spam campaigns because people are more likely to open an > email when they think it has been sent by a legitimate source. The goal of > email spoofing is to get recipients to open, and possibly even respond to, > a solicitation. > > Steps to Reproduce: > > 1.goto http://www.kitterman.com/spf/validate.html > 2.Enter domain name: http://pidgin.im/ and click spf record if any > under "Does my domain already have an SPF record? What is it? Is it valid?" > 3.You will see that no valid spf protection. > 4.So that why i try to send email using support@pidgin.im and i was > successfully delivered the messege to my email address. > > In addition to above checking, > > I used https://emkei.cz/ and send a test mail using http://pidgin.im/domain > which was delivered successfully.This further confirms that the emails > spoofed. > > Impact > An attacker would send a Fake email. The results can be more dangerous. > _______________________________________________ Support@pidgin.im mailing list Want to unsubscribe? Use this link: https://lists.pidgin.im/listinfo/support
