oss-sec mailing list archives
Re: spoofing of local email sender via a homoglyph attack
From: Jeremy Stanley <fungi () yuggoth org>
Date: Thu, 23 Apr 2020 19:10:32 +0000
On 2020-04-23 20:12:34 +0200 (+0200), Solar Designer wrote: [...]
What you reported originally, where you bypass something that just happens that way in some configurations and wasn't meant to provide any security against sender address spoofing, looks like even less of an issue to me.
[...] Indeed, if the local attacker is already capable of opening a socket to the MTA, then it seems like it would be even easier instead to just open an outbound socket to the target's MTA directly from that server and bypass the restrictions applied by the local relaying MTA entirely (unless the local MTA process has privileged access to something like a DKIM key or durable TLS client key which the attacker can't access due to filesystem ACLs). Then they wouldn't need to lean on lack of homoglyph differentiation at the recipient's end at all. -- Jeremy Stanley
Attachment:
signature.asc
Description:
Current thread:
- spoofing of local email sender via a homoglyph attack PromiseLabs Pentest Research (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack Solar Designer (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack PromiseLabs Pentest Research (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack Solar Designer (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack PromiseLabs Pentest Research (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack Solar Designer (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack Jeremy Stanley (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack John Haxby (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack PromiseLabs Pentest Research (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack Wietse Venema (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack Solar Designer (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack Claus Assmann (Apr 23)
- Re: spoofing of local email sender via a homoglyph attack Stuart D. Gathman (Apr 23)