Hey Zeus,

You should have received a response to this report from the Apache Security
Team (secur...@apache.org). In the future, please note that security
reports should be sent to secur...@apache.org, not the dev list.

On Tue, Jun 21, 2022 at 1:04 PM Cyber Zeus <cyberzeus...@gmail.com> wrote:

> Hi team
> kindly update me with the bug that I've reported.
> -Zeus
>
> On Fri, May 20, 2022 at 11:34 PM Cyber Zeus <cyberzeus...@gmail.com>
> wrote:
>
>> Hi Team,
>> I am an independent security researcher and I have found a bug in your
>> website.
>> The details of it are as follows:
>>
>> Description: This report is about a misconfigured DMARC record flag,
>> which can be used for malicious purposes, as it allows for fake mailing on
>> behalf of respected organizations.
>>
>> About the Issue:
>> As I have seen, the DMARC record for
>>
>> *druid.apache.org*
>>
>> is:
>> DMARC Policy Not Enabled
>> DMARC Not Found
>>
>> As you can see from your DMARC record, a valid record should look like:
>>
>> DMARC Policy Enabled
>> What's the issue:
>> A DMARC record is a type of Domain Name Service (DNS) record that
>> identifies which mail servers are permitted to send an email on behalf of
>> your domain. The purpose of a DMARC record is to prevent spammers from
>> sending messages on the behalf of your organization.
>>
>> Attack Scenario: An attacker will send phishing mail or any other
>> malicious mail to the victim via the mail address:
>>
>> commits-h...@druid.apache.org
>>
>>
>> Even if the victim is aware of phishing attacks, he will check the
>> origin email, which came from your genuine mail id
>> commits-h...@druid.apache.org
>>
>>
>> so he will think that it is genuine mail and get trapped by the attacker.
>> The attack can be done using any PHP mailer tool, like this:
>>
>> <?php
>> // Spoofed From: header; mail() hands the message to the local MTA.
>> $to = "vic...@example.com";
>> $subject = "Password Change";
>> $txt = "Change your password by visiting here - [VIRUS LINK HERE]";
>> $headers = "From: commits-h...@druid.apache.org";
>> mail($to, $subject, $txt, $headers);
>> ?>
>>
>> You can also check your DMARC/SPF record from MXTOOLBOX.
>>
>> Reference:
>> https://support.google.com/a/answer/2466580?hl=en
>> Have a look at the Google article for a better understanding!
>>
>
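The quoted report looks for a DMARC record at druid.apache.org and stops at "not found". What follows is an added example, not code from this thread, from the reporter, or from the Apache project, that shows how a receiving mail server actually resolves the DMARC policy that applies to a From: domain under RFC 7489: it queries the TXT record at `_dmarc.<domain>`, and when a subdomain has no record of its own it falls back to the organizational domain's record, where the `sp` tag (defaulting to `p`) governs subdomains. A record is only a complete check once you know the effective policy (`none` is monitor-only and does not block spoofed mail; `pct` below 100 enforces on only a fraction of messages). The DNS answers here are a constructed in-memory table, and the organizational-domain rule is simplified to the last two labels; a real implementation consults the Public Suffix List and live DNS. The function names (`parse_dmarc`, `lookup_dmarc`, `effective_policy`, `assess`) and all domain names are assumptions made for the example.

```python
"""Offline DMARC policy resolution over a constructed DNS table (example code)."""
from typing import Optional, Tuple

# Constructed TXT answers standing in for DNS; these are NOT live records.
FAKE_DNS_TXT = {
    "_dmarc.example.org": "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@example.org; pct=100",
    "_dmarc.monitor.example": "v=DMARC1; p=none; rua=mailto:reports@monitor.example",
    "_dmarc.partial.example": "v=DMARC1; p=reject; pct=20",
    # No entry for "_dmarc.lists.example.org": a subdomain that relies on its
    # organizational domain (example.org) and therefore inherits sp=quarantine.
    # No entry for "nodmarc.example" at all.
}

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt: str) -> Optional[dict]:
    """Parse a DMARC TXT record into a lower-cased tag dict; None if malformed.

    RFC 7489 requires 'v=DMARC1' as the first tag and a 'p' tag with a
    recognised value; anything else is treated as no usable record.
    """
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    first = txt.split(";", 1)[0].replace(" ", "").lower()
    if first != "v=dmarc1" or "p" not in tags:
        return None
    if tags["p"].lower() not in VALID_POLICIES:
        return None
    if "sp" in tags and tags["sp"].lower() not in VALID_POLICIES:
        return None
    return tags


def organizational_domain(domain: str) -> str:
    """Simplified assumption: the organizational domain is the last two labels.
    Real resolvers use the Public Suffix List (e.g. for co.uk)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def lookup_dmarc(domain: str, dns=FAKE_DNS_TXT) -> Tuple[Optional[dict], Optional[str], bool]:
    """Return (tags, domain_where_found, used_org_fallback).

    First try _dmarc.<domain>; if absent or malformed and <domain> is a
    subdomain, try _dmarc.<organizational domain>.
    """
    txt = dns.get(f"_dmarc.{domain.lower()}")
    if txt is not None:
        tags = parse_dmarc(txt)
        if tags is not None:
            return tags, domain.lower(), False
    org = organizational_domain(domain)
    if org != domain.lower():
        txt = dns.get(f"_dmarc.{org}")
        if txt is not None:
            tags = parse_dmarc(txt)
            if tags is not None:
                return tags, org, True
    return None, None, False


def effective_policy(domain: str, dns=FAKE_DNS_TXT) -> str:
    """'none', 'quarantine' or 'reject', or 'missing' when no record applies.
    When the organizational-domain record is used for a subdomain, the 'sp'
    tag wins and defaults to 'p'."""
    tags, _found_at, fallback = lookup_dmarc(domain, dns)
    if tags is None:
        return "missing"
    if fallback:
        return tags.get("sp", tags["p"]).lower()
    return tags["p"].lower()


def assess(domain: str, dns=FAKE_DNS_TXT) -> str:
    """Human-readable verdict a tester would report instead of 'not found'."""
    policy = effective_policy(domain, dns)
    if policy == "missing":
        return "missing: no DMARC policy applies, spoofed From: is not rejected by DMARC"
    if policy == "none":
        return "none: monitor-only, reports are sent but spoofed mail is still delivered"
    tags, _, _ = lookup_dmarc(domain, dns)
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        return f"{policy} (pct={pct}): enforced on only {pct}% of failing messages"
    return f"{policy}: enforcing"


if __name__ == "__main__":
    for d in ("example.org", "lists.example.org", "monitor.example",
              "partial.example", "nodmarc.example"):
        print(f"{d:22s} -> {assess(d)}")
```

Run it as-is to see the five verdicts; to test a real domain, replace `FAKE_DNS_TXT` with a function that queries TXT at `_dmarc.<name>` (for instance with dnspython) and keep the fallback logic unchanged. Note that the spoofed From: in the quoted PHP snippet is exactly what an enforcing `p=reject` or `p=quarantine` policy, combined with SPF or DKIM alignment, is designed to stop.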
