CVE-2020-12272

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring.
Configurations

Configuration 1

cpe:2.3:a:trusteddomain:opendmarc:1.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:trusteddomain:opendmarc:*:*:*:*:*:*:*:*
cpe:2.3:a:trusteddomain:opendmarc:1.4.0:-:*:*:*:*:*:*
cpe:2.3:a:trusteddomain:opendmarc:1.4.0:beta0:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Information

Published : 2020-04-27 02:15

Updated : 2022-11-16 03:20


NVD link : CVE-2020-12272

Mitre link : CVE-2020-12272

Products Affected
CWE
CWE-290

Authentication Bypass by Spoofing