OpenDMARC Vulnerability: Domain Spoofing via Incorrect Parsing and Interpretation of Authentication Results

CVE-2020-12272 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the "example.net(.example.com" substring.
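
As an added example (not OpenDMARC code), the check below flags Authentication-Results values like the one in the description. It relies on the fact that parentheses delimit comments in RFC 5322 header syntax, so a comment-aware reader and a literal reader can disagree on the domain; the header strings, property list and function names are constructed for illustration.

```python
import re

# Strict hostname: dot-separated labels of letters, digits, '-' and '_' only.
LABEL = r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?"
STRICT_DOMAIN = re.compile(LABEL + r"(?:\." + LABEL + r")+")

# Properties whose value carries a domain that DMARC alignment relies on.
DOMAIN_PROPS = {"smtp.mailfrom", "smtp.helo", "header.d", "header.from"}
PROP = re.compile(r"\b((?:smtp|header)\.[A-Za-z]+)=([^\s;]+)")


def comment_stripped(value):
    """Domain as read by a parser that treats '(' as the start of a comment."""
    return value.split("(", 1)[0]


def audit_authres(header_value):
    """Return (property, raw_domain, comment_stripped_domain) for each
    domain-bearing property whose value is not a strict hostname."""
    findings = []
    for name, value in PROP.findall(header_value):
        if name.lower() not in DOMAIN_PROPS:
            continue
        domain = value.rsplit("@", 1)[-1]  # accept bare domain or addr-spec
        if not STRICT_DOMAIN.fullmatch(domain):
            findings.append((name.lower(), domain, comment_stripped(domain)))
    return findings


# Constructed sample header values (not taken from real traffic).
SAMPLES = [
    "mx.receiver.example; spf=pass smtp.mailfrom=example.net(.example.com",
    "mx.receiver.example; spf=pass smtp.mailfrom=bounce@example.com;"
    " dkim=pass header.d=example.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        for prop, raw, stripped in audit_authres(sample):
            print(f"{prop}: literal={raw!r} comment-aware={stripped!r}")
```

A filter that consumes upstream SPF/DKIM results can treat any flagged value as a failed or absent result instead of picking one of the two readings.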