Page 1 of 1

'From' spoofing?

Posted: Thu Dec 07, 2017 12:41 am
by chrisrm
Here's an unpleasant thing noted by the Register: https://www.theregister.co.uk/2017/12/0 ... ofing_bug/ . Any thoughts as to whether the various MailWashers are vulnerable/fixable?

Chris M

Re: 'From' spoofing?

Posted: Thu Dec 07, 2017 1:16 am
by rusticdog
Doesn't look like the demo on his website is working right now, so I can't get the test payload emailed through. I've done a quick test with the example FROMs he posted on the website and it appears like MW isn't displaying the spoofed address, so that's good, but hopefully his demo will be up and running soon to be sure.

Re: 'From' spoofing?

Posted: Thu Dec 07, 2017 6:51 am
by davews
When I did a test earlier from his demo I can confirm that the spoofed FROM was very obvious in Mailwasher and Pegasus Mail (a program not on his list). Most of his listed programs are ones I have never heard of, so maybe it is not the big issue he is making out.

Re: 'From' spoofing?

Posted: Fri Dec 08, 2017 1:45 am
by chrisrm
Kewl, relaxing would seem to be the order of the day... Thanks for the reassurance,

Chris M

Re: 'From' spoofing?

Posted: Fri Dec 08, 2017 1:56 am
by rusticdog
I got one email result through and MailWasher is incorrectly determining the From. Though as davews says, it is noticeable as well.

So there will be some work to do, but we use a pretty stock library for grabbing that information, so once they update that it'll be a simple process for us.