[opendmarc-users] unverified - OpenDMARC Bug
Scott Kitterman
sklist at kitterman.com
Wed Sep 18 22:59:43 PDT 2019
On Wednesday, September 11, 2019 12:50:27 PM EDT A. Schulze wrote:
> Hello,
>
> Golem, a German online IT magazine, reported about a bug in OpenDMARC.
> https://www.golem.de/news/opendmarc-aktiv-ausgenutzte-dmarc-sicherheitsluecke-ohne-fix-1909-143798.html
>
> Protonmail found that bug actively used
> https://protonmail.com/blog/bellingcat-cyberattack-phishing/
>
> Also there is a proposed fix available as pull request on GitHub
> https://github.com/trusteddomainproject/OpenDMARC/pull/48
>
> This message is intended only to relay that info unfiltered to the list.
In case anyone isn't following the pull request, I've replicated what I
believe the attack to be and verified that the proposed change addresses it.
CVE-2019-16378 has been assigned to this issue.
Scott K