5 matches found
ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation
Summary: The email channel authorizes senders based on the parsed From header identity only. If upstream email authentication/enforcement is weak (for example, relaxed SPF/DKIM/DMARC handling), an attacker can spoof an allowlisted sender address and have the message treated as trusted input. Details...
Cleo LexiCom Security Vulnerability
Cleo LexiCom is an integrated platform from Cleo, Inc. Accelerate EDI automation, speed trade partner onboarding and easily resolve EDI issues. A security vulnerability exists in Cleo LexiCom 5.5.0.0, which can be exploited by an attacker to bypass the requirement for the sender of an AS2 message...
Multiple Huawei products improper authentication vulnerability
The Huawei P30, among others, is a smartphone from the Chinese company Huawei. A security vulnerability exists in Huawei P30, P30 Pro and Tony-AL00B that stems from the program not properly authenticating the identity of the message sender. An attacker can exploit the vulnerability by...
CVE-2020-12063
The CVE-2020-12063 issue affects Postfix 2.10.1-7 and enables spoofed outbound mail via a homoglyph attack (30F) that resembles a configured sender when /etc/postfix/sender_login is used. Multiple connected sources (SUSE, Red Hat, UB Ubuntu/BPO feeds) confirm that an attacker could send mail fr...
[SECURITY] Fedora 9 Update: dkim-milter-2.8.1-1.fc9
The dkim-milter package is an open source implementation of the DKIM sender authentication system proposed by the E-mail Signing Technology Group (ESTG), now a proposed standard of the IETF (RFC 4871). DKIM is an amalgamation of the DomainKeys (DK) proposal by Yahoo!, Inc. and the Internet Identified Ma...