[Tickets #14748] mailsploit vulnerability

noreply at bugs.horde.org noreply at bugs.horde.org
Tue Dec 5 21:47:17 UTC 2017


PLEASE DO NOT REPLY TO THIS MESSAGE. MESSAGES SENT TO THIS
E-MAIL ADDRESS ARE NOT READ.

Ticket-URL: https://bugs.horde.org/ticket/14748
------------------------------------------------------------------------------
  Ticket           | 14748
  Created By       | sca at andreasschulze.de
  Summary          | mailsploit vulnerability
  Queue            | IMP
  Version          | 6.2.21
  Type             | Bug
  Status           | Unconfirmed
  Priority         | 1. Low
  Milestone        |
  Patch            |
  Owners           |
------------------------------------------------------------------------------


sca at andreasschulze.de (2017-12-05 21:47) wrote:

Many clients are affected by 'mailsploit': https://www.mailsploit.com/index

Basically the attacker uses special characters inside encoded words to  
spoof the sender:

From:  
=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com

Such a header, naively decoded incorrectly, is:
potus@whitehouse.gov\0potus@whitehouse.gov@mailsploit.com

IMP fails to decode / parse the RFC5322.From header correctly



sca at andreasschulze.de (2017-12-05 21:47) uploaded: mailsploit.png

https://bugs.horde.org/h/services/download/?app=whups&actionID=download_file&file=mailsploit.png&ticket=14748&fn=%2Fmailsploit.png
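
A defensive check for the header quoted in this ticket, added here as an example and not taken from IMP or the Horde code base: it decodes the From value with Python's `email.header.decode_header`, flags what makes the value unsafe to display, and returns a rendering in which control characters are visible. The function names, finding labels and the benign sample header are assumptions made for illustration.

```python
import re
from email.header import decode_header

# Constructed sample: the From value quoted in the ticket.
SPOOFED = ("=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?="
           "=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com")
# Constructed sample: an ordinary encoded display name.
BENIGN = "=?utf-8?q?J=C3=BCrgen?= <juergen@example.org>"

ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")  # tab is left alone


def decode_from(value):
    """Decode every RFC 2047 encoded-word and return one string."""
    out = []
    for data, charset in decode_header(value):
        if isinstance(data, bytes):
            data = data.decode(charset or "ascii", errors="replace")
        out.append(data)
    return "".join(out)


def addr_spec_part(value):
    """Text between <...> if present, otherwise the whole value."""
    m = re.search(r"<([^<>]*)>", value)
    return m.group(1) if m else value


def check_from(value):
    """Return (safe_display, findings) for a raw From header value."""
    decoded = decode_from(value)
    findings = []
    if CONTROL.search(decoded):
        findings.append("control-character-after-decoding")
    # RFC 2047 section 5: no encoded-word inside an addr-spec.
    if ENCODED_WORD.search(addr_spec_part(value)):
        findings.append("encoded-word-in-addr-spec")
    if addr_spec_part(decoded).count("@") > 1:
        findings.append("multiple-at-signs")
    # Make control characters visible instead of passing them to the UI.
    safe = CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), decoded)
    return safe, findings


if __name__ == "__main__":
    for header in (SPOOFED, BENIGN):
        print(check_from(header))
```

Any finding is a reason to show the raw address part of the header to the user rather than the decoded form.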




