Re: Vulnerability Report [Misconfigured DMARC Record Flag]

2022-06-21 Thread Gian Merlino
Hey Zeus,

You should have received a response to this report from the Apache Security
Team (secur...@apache.org). In the future, please note that security
reports should be sent to secur...@apache.org, not the dev list.

On Tue, Jun 21, 2022 at 1:04 PM Cyber Zeus  wrote:

> Hi team,
> Kindly update me with the bug that I've reported.
> -Zeus
>
> On Fri, May 20, 2022 at 11:34 PM Cyber Zeus 
> wrote:
>
>> Hi Team,
>> I am an independent security researcher and I have found a bug in your
>> website. The details of it are as follows:
>>
>> Description: This report is about a misconfigured DMARC record flag,
>> which can be used for malicious purposes as it allows for fake mailing on
>> behalf of respected organizations.
>>
>> About the Issue:
>> As I have seen, the DMARC record for *druid.apache.org* is:
>>
>> DMARC Policy Not Enabled
>> DMARC Not Found
>>
>> As you can see from your DMARC record, a valid record should be like:
>>
>> DMARC Policy Enabled
>>
>> What's the issue:
>> A DMARC record is a type of Domain Name Service (DNS) record that
>> identifies which mail servers are permitted to send an email on behalf of
>> your domain. The purpose of a DMARC record is to prevent spammers from
>> sending messages on the behalf of your organization.
>>
>> Attack Scenario: An attacker will send phishing mail or any other
>> malicious mail to the victim via mail:
>>
>> commits-h...@druid.apache.org
>>
>> Even if the victim is aware of phishing attacks, he will check the
>> origin email, which came from your genuine mail id
>> commits-h...@druid.apache.org, so he will think that it is genuine mail
>> and get trapped by the attacker.
>> The attack can be done using any PHP mailer tool like this:
>>
>> <?php
>> $to = "vic...@example.com";
>> $subject = "Password Change";
>> $txt = "Change your password by visiting here - [VIRUS LINK HERE]";
>> $headers = "From: commits-h...@druid.apache.org";
>> mail($to, $subject, $txt, $headers);
>> ?>
>>
>> You can also check your DMARC/SPF record from: MXTOOLBOX
>>
>> Reference:
>> https://support.google.com/a/answer/2466580?hl=en
>> Have a look at the GOOGLE article for a better understanding!
>> [image: image.png]
>> [image: image.png]
>>
>


Re: Vulnerability Report [Misconfigured DMARC Record Flag]

2022-06-21 Thread Cyber Zeus
Hi team,
Kindly update me with the bug that I've reported.
-Zeus

On Fri, May 20, 2022 at 11:34 PM Cyber Zeus  wrote:

> Hi Team,
> I am an independent security researcher and I have found a bug in your
> website. The details of it are as follows:
>
> Description: This report is about a misconfigured DMARC record flag, which
> can be used for malicious purposes as it allows for fake mailing on behalf
> of respected organizations.
>
> About the Issue:
> As I have seen, the DMARC record for *druid.apache.org* is:
>
> DMARC Policy Not Enabled
> DMARC Not Found
>
> As you can see from your DMARC record, a valid record should be like:
>
> DMARC Policy Enabled
>
> What's the issue:
> A DMARC record is a type of Domain Name Service (DNS) record that
> identifies which mail servers are permitted to send an email on behalf of
> your domain. The purpose of a DMARC record is to prevent spammers from
> sending messages on the behalf of your organization.
>
> Attack Scenario: An attacker will send phishing mail or any other malicious
> mail to the victim via mail:
>
> commits-h...@druid.apache.org
>
> Even if the victim is aware of phishing attacks, he will check the origin
> email, which came from your genuine mail id
> commits-h...@druid.apache.org, so he will think that it is genuine mail
> and get trapped by the attacker.
> The attack can be done using any PHP mailer tool like this:
>
> <?php
> $to = "vic...@example.com";
> $subject = "Password Change";
> $txt = "Change your password by visiting here - [VIRUS LINK HERE]";
> $headers = "From: commits-h...@druid.apache.org";
> mail($to, $subject, $txt, $headers);
> ?>
>
> You can also check your DMARC/SPF record from: MXTOOLBOX
>
> Reference:
> https://support.google.com/a/answer/2466580?hl=en
> Have a look at the GOOGLE article for a better understanding!
> [image: image.png]
> [image: image.png]
>
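Added editor's example, not part of the thread above and not code from the reporter or from the Apache project. The report's two findings, "DMARC Not Found" and "DMARC Policy Not Enabled", are different conditions: the first means no `v=DMARC1` TXT record exists at `_dmarc.<domain>`, the second means a record exists but carries `p=none`, so receivers only report alignment failures and still deliver the mail. Strictly, the list of permitted sending hosts is SPF's job; DMARC is the published policy telling receivers what to do with mail whose SPF/DKIM result does not align with the `From:` domain. The parser below applies the receiver-side rules of RFC 7489 section 6.6.3 to TXT strings and classifies them the way the report's checker would; the sample records at the bottom are constructed for illustration and are not real DNS data for druid.apache.org. Resolving the record (for example with dnspython) is left out so the block runs offline.

```python
"""Classify the DMARC TXT record(s) published at _dmarc.<domain>.

Added example; constructed sample data only, no live DNS lookups.
"""
from dataclasses import dataclass, field
from typing import List, Optional

VALID_POLICIES = ("none", "quarantine", "reject")
# Past-tense verb for the summary line, keyed by policy value.
DISPOSITION = {"quarantine": "quarantined", "reject": "rejected"}


@dataclass
class DmarcResult:
    # "not_found", "invalid", "policy_not_enabled" (p=none) or "policy_enabled"
    status: str
    policy: Optional[str] = None
    subdomain_policy: Optional[str] = None
    pct: int = 100
    rua: List[str] = field(default_factory=list)
    problems: List[str] = field(default_factory=list)


def parse_dmarc(txt_records: List[str]) -> DmarcResult:
    """Evaluate the TXT strings found at _dmarc.<domain> ([] if none exist).

    Receiver rules (RFC 7489 6.6.3): exactly one record may start with
    "v=DMARC1"; a "p" tag is required unless a usable "rua" tag is present,
    in which case the policy is treated as "none"; bad tag values are noted.
    """
    candidates = [r.strip() for r in txt_records
                  if r.strip().lower().startswith("v=dmarc1")]
    if not candidates:
        # An SPF record, or no record at all, both mean "DMARC Not Found".
        return DmarcResult(status="not_found")
    if len(candidates) > 1:
        return DmarcResult(status="invalid",
                           problems=["multiple DMARC records; receivers discard all of them"])

    tags = {}
    for part in candidates[0].split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return DmarcResult(status="invalid", problems=[f"malformed tag {part!r}"])
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()

    problems: List[str] = []
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]

    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        if not rua:
            # No enforceable policy and nowhere to send reports: unusable record.
            return DmarcResult(status="invalid",
                               problems=[f"missing or invalid p tag {policy!r} and no rua"])
        problems.append(f"missing or invalid p tag {policy!r}; treated as p=none because rua is set")
        policy = "none"

    # Subdomain policy defaults to the organisational policy.
    sp = tags.get("sp", policy).lower()
    if sp not in VALID_POLICIES:
        problems.append(f"invalid sp tag {sp!r}; falling back to p")
        sp = policy

    try:
        pct = int(tags.get("pct", "100"))
        if not 0 <= pct <= 100:
            raise ValueError
    except ValueError:
        problems.append(f"invalid pct tag {tags.get('pct')!r}; using 100")
        pct = 100

    status = "policy_not_enabled" if policy == "none" else "policy_enabled"
    return DmarcResult(status, policy, sp, pct, rua, problems)


def spoof_risk(result: DmarcResult) -> str:
    """One-line summary of what a message forging 'From: user@domain' would get."""
    if result.status in ("not_found", "invalid"):
        return "no DMARC policy: receivers apply no alignment check, forged From is delivered"
    if result.policy == "none":
        return "p=none: failures are only reported, forged From is still delivered"
    verb = DISPOSITION[result.policy]
    if result.pct < 100:
        return f"p={result.policy} applied to {result.pct}% of failing mail, rest treated as none"
    return f"p={result.policy}: failing mail is {verb} by compliant receivers"


if __name__ == "__main__":
    # Constructed sample records, labelled by the finding they correspond to.
    samples = {
        "DMARC Not Found (no record)": [],
        "DMARC Not Found (only SPF)": ["v=spf1 include:_spf.example.net ~all"],
        "DMARC Policy Not Enabled": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.org"],
        "DMARC Policy Enabled": ["v=DMARC1; p=reject; sp=quarantine; pct=100"],
    }
    for label, records in samples.items():
        res = parse_dmarc(records)
        print(f"{label:32} -> {res.status:20} {spoof_risk(res)}")
```

Feeding the block the output of a real TXT lookup is a one-line change; the value of doing it this way is that the status column maps directly onto the two phrases in the report, and `problems` surfaces the half-configured cases (duplicate records, `p` missing but `rua` present, bad `pct`) that a simple "record present / absent" check would miss.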