Summary:
I just checked for DMARC records and a DMARC policy for the mybit.io domain, and there are none. I also checked for SPF records, and there are none. (pics attached)
This effectively allows anyone to send spam that appears to originate from that domain.
You can validate this yourself here: mxtoolbox.com
Severity: Medium
Steps to Reproduce:
This can be done using any PHP mailer tool, for example:
<?php
$to = "VICTIM@example.com";
$subject = "Get Free Airdrops";
$txt = "Click below to get airdrops - [VIRUS LINK HERE]";
$headers = "From: info@mybit.io"; // forged From header; with no SPF/DMARC, receivers have nothing to reject it on
mail($to, $subject, $txt, $headers);
?>
Impact:
This is useful for phishing, and this type of vulnerability is newsworthy:
1. http://bits.blogs.nytimes.com/2015/04/09/sendgrid-email-breach-was-used-to-attack-coinbase-a-bitcoin-exchange/
2. https://medium.com/@hotbit/official-statement-notices-of-counterfeit-email-listing-hotbit-io-d1d240005d35
Because of this vulnerability, any hacker can send forged email to your customers using your domain, and so obtain sensitive information such as login details and personal information, or force the download of a virus/malware. For example, an attacker can email your customers asking them to change their password, to claim an airdrop of your coin/token, or to buy your product at a discount. The customer, seeing mail that appears to come from your domain, may consider it legitimate and fall for the trap. The attacker can then take them to his website, where JavaScript is executed that steals the customer's session ID and password. The results can be more dangerous and impactful.
Fix:
You can find the SPF fix here: https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
For the DMARC record: https://easydmarc.com/blog/how-to-fix-no-dmarc-record-found/
and the DMARC policy here: https://support.rackspace.com/how-to/create-a-dmarc-policy/
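The report validates the finding with mxtoolbox.com and points at external guides for the fix. The following is an added example, not part of the report and not code from mybit.io, that does the same check offline: it parses the TXT records a domain publishes, grades the SPF "all" qualifier and the DMARC "p" tag, and lists what is missing or weak. The TXT answers are constructed inline to stand in for `dig +short TXT <name>` output: the "mybit.io" entries mirror the report's finding (no SPF, no DMARC), while "weak.example" and "hardened.example" are hypothetical names showing a monitor-only configuration beside a hardened one, so the corrected records the Fix section links to can be seen next to the broken state.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample TXT answers keyed by DNS name, standing in for what
# `dig +short TXT <name>` returns. "mybit.io" mirrors the report (no SPF,
# no DMARC); the *.example names are hypothetical and show a weak and a
# hardened configuration side by side.
SAMPLE_TXT: Dict[str, List[str]] = {
    "mybit.io": [],
    "_dmarc.mybit.io": [],
    "weak.example": [
        '"some-unrelated-verification=token"',        # non-SPF TXT, must be ignored
        '"v=spf1 include:_spf.mail.example ~all"',     # softfail only
    ],
    "_dmarc.weak.example": ['"v=DMARC1; p=none; rua=mailto:dmarc@weak.example"'],
    "hardened.example": ['"v=spf1 mx include:_spf.mail.example -all"'],
    "_dmarc.hardened.example": [
        '"v=DMARC1; p=reject; rua=mailto:dmarc@hardened.example; adkim=s; aspf=s"'
    ],
}


def _unquote(txt: str) -> str:
    """Join the quoted 255-byte chunks dig prints into one string."""
    parts = re.findall(r'"([^"]*)"', txt)
    return "".join(parts) if parts else txt


def find_spf(records: List[str]) -> Optional[str]:
    """Return the domain's SPF record, or None. RFC 7208 allows exactly one."""
    spf = [r for r in map(_unquote, records) if r.lower().startswith("v=spf1")]
    if len(spf) > 1:
        raise ValueError("multiple SPF records: receivers treat this as permerror")
    return spf[0] if spf else None


def spf_all_qualifier(spf: str) -> Optional[str]:
    """Qualifier on the 'all' mechanism: '-', '~', '?' or '+'; None if absent."""
    for term in spf.split()[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"  # a bare 'all' means +all (pass everything)
    return None  # no 'all' term: unmatched senders get a neutral result


def parse_dmarc(records: List[str]) -> Optional[Dict[str, str]]:
    """Parse 'v=DMARC1; p=...; ...' into a tag dict, or None if no record."""
    for r in map(_unquote, records):
        if r.lower().startswith("v=dmarc1"):
            tags: Dict[str, str] = {}
            for kv in r.split(";"):
                if "=" in kv:
                    k, v = kv.split("=", 1)
                    tags[k.strip().lower()] = v.strip()
            return tags
    return None


@dataclass
class Finding:
    domain: str
    spf: Optional[str]
    spf_all: Optional[str]
    dmarc_policy: Optional[str]
    issues: List[str] = field(default_factory=list)


def assess(domain: str, txt: Dict[str, List[str]] = SAMPLE_TXT) -> Finding:
    """Grade a domain's SPF/DMARC posture from its published TXT records."""
    spf = find_spf(txt.get(domain, []))
    dmarc = parse_dmarc(txt.get("_dmarc." + domain, []))
    f = Finding(domain, spf, spf_all_qualifier(spf) if spf else None,
                dmarc.get("p") if dmarc else None)

    if spf is None:
        f.issues.append("no SPF record: any host may claim to send mail for this domain")
    elif f.spf_all in (None, "+", "?"):
        f.issues.append("SPF never fails unlisted senders; end it with -all (or ~all plus DMARC)")

    if dmarc is None:
        f.issues.append("no DMARC record: receivers get no policy for mail failing SPF/DKIM")
    else:
        if f.dmarc_policy not in ("quarantine", "reject"):
            f.issues.append("DMARC p=none only monitors; spoofed mail is still delivered")
        if "rua" not in dmarc:
            f.issues.append("no rua= address: aggregate reports about spoofing are lost")
    return f


if __name__ == "__main__":
    for d in ("mybit.io", "weak.example", "hardened.example"):
        f = assess(d)
        print(f"{d}: spf_all={f.spf_all} dmarc_p={f.dmarc_policy}")
        for issue in f.issues:
            print("  -", issue)
```

To run it against live DNS, replace the entries in SAMPLE_TXT with the lines `dig +short TXT <domain>` and `dig +short TXT _dmarc.<domain>` return; the parser already handles the quoted, chunked form dig prints. The hardened.example entries are the shape of the records the Fix section's guides lead to: an SPF record ending in -all and a DMARC record with p=reject and a rua= reporting address.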