[Tickets #14748] Re: mailsploit vulnerability
noreply at bugs.horde.org
noreply at bugs.horde.org
Wed Dec 6 20:58:54 UTC 2017
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14748
------------------------------------------------------------------------------
Ticket | 14748
Updated By | samuel.wolf at wolf-maschinenbau.de
Summary | mailsploit vulnerability
Queue | IMP
Version | 6.2.21
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
sca at andreasschulze.de (2017-12-06 12:23) wrote:
> many client are affected by 'mailsploit': https://www.mailsploit.com/index
>
> Basically the attacker uses special characters inside encoded words
> to spoof the sender:
>
> From:
> =?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com
>
> Such header naively decoded incorrectly is:
> potus at whitehouse.gov\0potus at whitehouse.gov@mailsploit.com
>
> IMP fail to decode / parse the RFC5322.From Header correctly
there is a MAAWG Recommendation document:
https://www.m3aawg.org/sites/default/files/m3aawg-unicode-best-practices-2016-02.pdf
More information about the bugs
mailing list