[Tickets #14748] Re: mailsploit vulnerability

noreply at bugs.horde.org noreply at bugs.horde.org
Wed Dec 6 20:58:54 UTC 2017


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://bugs.horde.org/ticket/14748
------------------------------------------------------------------------------
  Ticket             | 14748
  Updated By         | samuel.wolf at wolf-maschinenbau.de
  Summary            | mailsploit vulnerability
  Queue              | IMP
  Version            | 6.2.21
  Type               | Bug
  State              | Unconfirmed
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


sca at andreasschulze.de (2017-12-06 12:23) wrote:

> many client are affected by 'mailsploit': https://www.mailsploit.com/index
>
> Basically the attacker uses special characters inside encoded words  
> to spoof the sender:
>
> From:  
> =?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com
>
> Such header naively decoded incorrectly is:
> potus at whitehouse.gov\0potus at whitehouse.gov@mailsploit.com
>
> IMP fail to decode / parse the RFC5322.From Header correctly


there is a MAAWG Recommendation document:
https://www.m3aawg.org/sites/default/files/m3aawg-unicode-best-practices-2016-02.pdf






More information about the bugs mailing list