fdzdev/CVE-2024-50964

MX Server misconfiguration (CVE-2024-50964)

Description

A critical vulnerability has been identified in Ferozo Webmail v1.1, where the MX (Mail Exchange) server of DonWeb completely disregards configured DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies. Although domains have set DMARC policies to "reject" unauthorized or spoofed emails, DonWeb's mail servers fail to validate these policies, allowing spoofed emails to bypass authentication and reach users' inboxes. This oversight opens the door for attackers to impersonate legitimate domains, significantly increasing the risk of phishing and spoofing attacks.

Attack Complexity

  • Low

Privileges Required

  • None

User Interaction

  • Not Required

Affected Components

  • Mail Server DMARC Handling: DonWeb's MX server lacks proper enforcement of DMARC policies, allowing spoofed emails to slip through without authentication checks.

Impact

  • Email Spoofing: Attackers can impersonate trusted entities by bypassing DMARC controls, presenting a severe risk for phishing attacks, data compromise, and malware distribution.
  • Reputation Risk: The failure to enforce DMARC policies could result in severe reputational harm, as users may be more susceptible to spoofed emails appearing to come from trusted domains.

Remediation

  • DMARC Enforcement: It is crucial for DonWeb to configure its MX server to strictly enforce DMARC policies, particularly for those domains specifying "reject" as their policy.
  • Regular Audits: Implement routine audits of email configurations to ensure DMARC adherence and prevent unauthorized email spoofing.
  • User Awareness: Educate users on how to identify potential phishing emails, as the lack of DMARC validation means spoofed emails can appear as legitimate.
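The description and the remediation list both come down to one missing step on the receiving side: before accepting a message, the MX should fetch the RFC5322.From domain's DMARC record, test SPF and DKIM identifier alignment, and apply the published disposition. The following Python is an added example that is not part of this advisory and not DonWeb's or Ferozo's code; it models that receiver-side evaluation as described in RFC 7489 (p=, sp=, pct=, adkim=, aspf=). All domains and authentication results are constructed, and the organizational-domain helper is a two-label approximation (an assumption; a real MTA would use the Public Suffix List).

```python
"""Receiver-side DMARC evaluation modelled on RFC 7489 section 6.6.
Added example: not DonWeb's or Ferozo's code. All domains are constructed."""
from dataclasses import dataclass


def organizational_domain(domain: str) -> str:
    """Assumption: two-label approximation of the Organizational Domain.
    A production MTA derives it from the Public Suffix List instead."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def parse_dmarc_record(txt: str) -> dict:
    """Parse a DMARC TXT record into a tag dict and apply RFC defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p= tag missing or invalid")
    tags.setdefault("adkim", "r")       # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")        # relaxed SPF alignment by default
    tags.setdefault("pct", "100")       # apply the policy to every message
    tags.setdefault("sp", tags["p"])    # subdomain policy defaults to p=
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ("s") needs an exact match, relaxed ("r")
    only needs the same Organizational Domain."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return organizational_domain(a) == organizational_domain(f)


@dataclass
class AuthResults:
    from_domain: str      # RFC5322.From domain the user sees
    spf_result: str       # "pass", "fail", "none", ...
    spf_domain: str       # RFC5321.MailFrom domain SPF was evaluated for
    dkim_results: list    # [(result, d= domain), ...]


def dmarc_disposition(record: str, auth: AuthResults, sample: int = 100):
    """Return (dmarc_result, disposition).  `sample` is the 1..100 roll used
    for pct= sampling; the default 100 means the policy always applies."""
    tags = parse_dmarc_record(record)
    dkim_ok = any(r == "pass" and aligned(d, auth.from_domain, tags["adkim"])
                  for r, d in auth.dkim_results)
    spf_ok = (auth.spf_result == "pass"
              and aligned(auth.spf_domain, auth.from_domain, tags["aspf"]))
    if dkim_ok or spf_ok:
        return "pass", "none"           # authenticated and aligned: deliver
    policy = tags["p"]
    if auth.from_domain.lower().rstrip(".") != organizational_domain(auth.from_domain):
        policy = tags["sp"]             # message From a subdomain: sp= governs
    if sample > int(tags["pct"]):
        # Messages outside the pct= sample get the next-weaker action.
        policy = {"reject": "quarantine", "quarantine": "none"}.get(policy, "none")
    return "fail", policy


if __name__ == "__main__":
    # Constructed case: SPF passes for an unrelated envelope domain, no DKIM.
    spoofed = AuthResults("example.com", "pass", "unrelated.example", [])
    print(dmarc_disposition("v=DMARC1; p=reject", spoofed))     # ('fail', 'reject')
    legit = AuthResults("example.com", "fail", "bounce.example.com",
                        [("pass", "example.com")])
    print(dmarc_disposition("v=DMARC1; p=reject; adkim=s", legit))  # ('pass', 'none')
```

The first constructed case is the situation the advisory describes: nothing aligns with the From domain, the record says p=reject, and a conforming MX returns reject rather than delivering to the inbox. A domain owner can use the same parser to confirm that their published record actually carries p=reject and not a weakened pct= or sp= value.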

The oversight in DMARC policy validation on DonWeb's MX server poses a substantial risk to email security, undermining the primary purpose of DMARC as a tool for protecting domains against spoofing and phishing. Addressing this vulnerability is essential to maintain trust and security for users relying on DonWeb’s email infrastructure.

CVE-2024-50964
Reported by Facundo Fernandez (Security Researcher)
