Important: Security Vulnerability - Email Spoofing

ANOOPAM MISHRA f2016032 at
Fri Jul 7 11:56:33 EDT 2017

I just noticed this security vulnerability.

An email can be spoofed from security at

Here are the steps for the same:

1) Go to
2) Fill the "From-email" field as security at (or any other @ email id)
3) Fill the other details like the victim's email id

You will then receive the email from security at

You will receive it directly in yahoomail but you might receive it in spam
folder in gmail. There is some configuration missing in the mail servers as
other domains like
allow this.

This can be very dangerous as anyone can send a phishing link (or any other
mail which can trick people into believing that Pidgin has sent this mail)
and it can lead to a huge reputation loss. This could be a very serious

I have attached a screenshot as the proof.

Anoopam Mishra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot (634).png
Type: image/png
Size: 355559 bytes
Desc: not available
URL: <>

More information about the security mailing list