Security Vulnerability - SMTP protection not used

Ketankumar Godhani ketan.kt21 at gmail.com
Wed Jan 27 06:26:22 EST 2016


Hi,

I was checking your website and found no SPF record there.
You should apply a strict SMTP policy to stop spoofed email being sent from your
domain.

An attacker could send a fake email from security at pidgin.im saying
"Please change your password". The victim is aware of phishing attacks, but
when he sees that the mail originated from security at pidgin.im, he has no
other way than to believe it. Clicking on the link takes him to a website
where certain JavaScript is executed which steals his ID and password
(SESSION COOKIE). The results can be even more dangerous.

<?php
// Proof of concept as posted: send a message whose From: header claims to be
// the Pidgin security address. The archive rewrote "@" as " at "; it is
// restored here so the snippet runs as written. The link is left as the
// reporter's placeholder.
$to      = "VICTIM@example.com";
$subject = "Password Change";
$txt     = "Change your password by visiting here -\n[VIRUS LINK HERE]";
// Forged sender. Nothing in mail() checks that this script may use it;
// only the receiving server can, and only if the domain publishes a policy.
$headers = "From: security@pidgin.im";
mail($to, $subject, $txt, $headers);
?>

Fix :

Your SPF record is
No valid SPF record found of either type TXT or type SPF.


I strongly recommend that you read this article:

https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability

You can check your SPF here:

http://www.kitterman.com/spf/validate.html
POC: see the attachment.

-- 
Thanks,
Ketankumar B. Godhani
-------------- next part --------------
A non-text attachment was scrubbed...
Name: p_1.PNG
Type: image/png
Size: 186307 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160127/ee6707a4/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: p_2.PNG
Type: image/png
Size: 122589 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160127/ee6707a4/attachment-0003.png>
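As an added illustration of what the recommended fix buys a receiving mail server (this is editor-added example code, not anything from the reporter or from the Pidgin project): a minimal offline evaluator for the ip4, ip6 and all subset of SPF (RFC 7208), driven by a constructed in-memory zone instead of DNS. The domain names, addresses and records below are made up. A domain with no record yields "none", which gives a receiver no basis to reject the spoof; the same sender address against a record ending in "-all" yields "fail".

```python
"""Minimal offline SPF evaluator (RFC 7208 subset). Editor-added example,
not code from the reporter or the Pidgin project.

Only the ip4:, ip6: and all mechanisms are implemented, with the four
qualifiers + - ~ ?. Mechanisms that need DNS (include, a, mx, exists)
raise, because this runs offline against a constructed zone.
"""
import ipaddress

# Constructed sample zone: TXT records each (made-up) domain publishes.
SAMPLE_ZONE = {
    "nospf.example": [],                                  # no record at all
    "strict.example": ["v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all"],
    "soft.example": ["v=spf1 ip4:203.0.113.10 ~all"],
    "open.example": ["v=spf1 +all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def get_spf_record(domain, zone=SAMPLE_ZONE):
    """Return the domain's single v=spf1 TXT record, or None if it has none.

    Two or more v=spf1 records are a permanent error (RFC 7208 section 4.5).
    """
    records = [r for r in zone.get(domain, [])
               if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if len(records) > 1:
        raise ValueError("permerror: multiple SPF records for %s" % domain)
    return records[0] if records else None


def check_host(ip, domain, zone=SAMPLE_ZONE):
    """Evaluate the sending IP against the domain's policy.

    Returns one of: none, pass, fail, softfail, neutral.
    """
    record = get_spf_record(domain, zone)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"                      # default qualifier is "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]     # "all" always matches
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)  # bare IP => /32 or /128
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        else:
            raise ValueError("mechanism %s needs DNS; not supported offline" % name)
    return "neutral"                         # nothing matched, no default


def receiver_action(result):
    """Policy a receiving MTA might apply to the SPF result.

    Only "fail" justifies rejecting at SMTP time; "softfail" is usually fed
    into spam scoring, and "none" leaves the receiver with nothing to act on.
    """
    return {"fail": "reject", "softfail": "mark"}.get(result, "accept")


if __name__ == "__main__":
    spoofer = "198.51.100.7"   # constructed: an IP the domain never authorised
    for domain in SAMPLE_ZONE:
        result = check_host(spoofer, domain)
        print("%-16s %-8s -> %s" % (domain, result, receiver_action(result)))
```

SPF evaluates the envelope sender (the SMTP MAIL FROM, or HELO when MAIL FROM is empty), not the "From:" header the PoC forges. A receiver that only checks SPF will therefore still accept a message whose envelope sender is some other domain and whose header says security at pidgin.im; the header identity is only covered once DMARC aligns it with the SPF (or DKIM) domain. Publishing the record is still the prerequisite, since both checks return "none" without it.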
