Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Centrifuge - #1 Vulnerability Report (Missing DMARC Record) #2

Open
roony0072 opened this issue Jul 9, 2019 · 0 comments
Open

Centrifuge - #1 Vulnerability Report (Missing DMARC Record) #2

roony0072 opened this issue Jul 9, 2019 · 0 comments

Comments

@roony0072
Copy link

Dear Team,

I found an weak spot on your website.

Vulnerability Name: Missing DMARC Record

Vulnerable URL: centrifuge.io

Email spoofing is possible due to missing DMARC Records.

Due to this Server Security Misconfiguration > Mail Server Misconfiguration > Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain.

To check DMARC record.
Link: https://mxtoolbox.com/DMARC.aspx

As said by you for DMARC you don't want to reject any messages you can set 'P=None'
DMARC

Attached screenshot for your reference.
centrifugeDMARC

Regards,
Rohan Patil
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@roony0072