https://bz.apache.org/ooo/show_bug.cgi?id=127360
Issue ID: 127360
Issue Type: DEFECT
Summary: DMARC Security Missing in your domain
Product: Infrastructure
Version: current
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: Normal
Priority: P5 (lowest)
Component: Website general issues
Assignee: issues@openoffice.apache.org
Reporter: pc_master...@yahoo.com
Target Milestone: ---

Created attachment 85985: DMARC Security Missing in your domain
https://bz.apache.org/ooo/attachment.cgi?id=85985&action=edit

Sir, we found DMARC Security missing in your domain.

Description and Impact

We found that your domain is vulnerable to Malware Injection, as fake mail headers are not blocked. We tried to send a fake mail through an open SMTP server and found the mail reaching our server. Any attacker can take advantage of this situation and inject an advanced attack vector into the client side using the trust of your domain.

Reproduction Instructions/Proof of Concept

Here are the steps to reproduce:

We created a test bed of a vulnerable link and bound it to a local website using the BeEF Framework (The Browser Exploitation Framework). Details of the framework and how it works can be found at http://beefproject.com/

So a testbed link, http://malware.localhost/, was created using the above step.

Then an open SMTP server was used; there are many that can be found, let's say https://emkei.cz/ or https://anonymousemail.me/

Then a trusted mail from your domain was sent to one of our team members. Due to missing fake header checks, the mail shipped directly to our inbox.

I am attaching a simple POC along with this form to make it more clear.

This is a serious flaw and has been handled by many companies using Domain-based Message Authentication, Reporting and Conformance (DMARC). For example: if you try to send a fake mail using the facebook domain, like ad...@facebook.com, it will not be delivered to the inbox of any client for any public mail provider like Yahoo, Gmail, and Outlook. But the same is happening in your domain.
Please patch this flaw; in case you need any further info you can revert back to me.

Regards,
Sadik Shaikh
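The report hinges on whether the domain publishes an enforcing DMARC policy. The following is an added example, not part of the report or of the Apache infrastructure: it parses a `_dmarc` TXT record the way a receiving server would and classifies the resulting posture (missing, monitor-only, partially enforced, enforcing). The DNS lookup itself is left out; the records in `SAMPLE_RECORDS` are constructed for illustration, not real DNS data.

```python
import re
from typing import Dict, Optional

# One "tag=value" pair inside a DMARC TXT record (RFC 7489 tag-value syntax).
_TAG_RE = re.compile(r"^\s*([A-Za-z]+)\s*=\s*(.*?)\s*$")

# Constructed sample records (NOT real DNS data), one per posture the assessment distinguishes.
SAMPLE_RECORDS: Dict[str, Optional[str]] = {
    "no-record.example": None,                        # _dmarc TXT lookup returned nothing
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=25",
    "strict.example": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s",
}

def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC record into tags and enforce RFC 7489 structure:
    'v=DMARC1' must come first, 'p' is mandatory with one of three values, pct is 0..100."""
    tags: Dict[str, str] = {}
    order = []
    for part in record.split(";"):
        if not part.strip():
            continue                                  # tolerate a trailing ';'
        m = _TAG_RE.match(part)
        if not m:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = m.group(1).lower(), m.group(2)
        tags[name] = value
        order.append(name)
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p= tag missing or not one of none/quarantine/reject")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        raise ValueError(f"pct= must be an integer 0..100, got {pct!r}")
    return tags

def assess_dmarc(record: Optional[str]) -> str:
    """Posture a DMARC-aware receiver applies to mail failing SPF/DKIM alignment for the domain:
    'missing' (no policy, spoofed From: is not policed), 'monitor-only' (p=none, failures are only
    reported), 'partial (pct=N)' (enforcement sampled), or 'enforcing' (quarantine/reject, pct=100)."""
    if record is None:
        return "missing"
    tags = parse_dmarc(record)
    if tags["p"] == "none":
        return "monitor-only"
    pct = int(tags.get("pct", "100"))
    return f"partial (pct={pct})" if pct < 100 else "enforcing"

def assess_all(records: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Assess every domain in a {domain: record-or-None} map."""
    return {domain: assess_dmarc(rec) for domain, rec in records.items()}

if __name__ == "__main__":
    for domain, verdict in assess_all(SAMPLE_RECORDS).items():
        print(f"{domain:20} {verdict}")
```

Only "enforcing" means a receiver is instructed to quarantine or reject spoofed mail; "monitor-only" and "missing" both leave delivery to the receiver's own heuristics.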