QwikSec

Security Database

CVE

CWE

Training

CVE-2020-12272

Published: Apr 27, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://sourceforge.net/p/opendmarc/tickets/237/

https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf

FEDORA-2021-1ec3c5ed63

vendor-advisory

FEDORA-2021-433e7d72ce

vendor-advisory

[debian-lts-announce] 20230828 [SECURITY] [DLA 3546-1] opendmarc security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.