Vulnerability report : No Valid SPF record


Kam Ran

Oct 16, 2023, 5:37:01 PM10/16/23
to sonicp...@googlegroups.com
Hi team,

Hope you are doing well :)

I have found an SPF vulnerability in https://sonic-net.github.io/
This vulnerability allows attackers to send email messages that appear to come from a trusted or legitimate sender.

CVSS Score: 
The CVSS score for this vulnerability could be around 8.1, indicating a high-severity vulnerability.

Description:
The Sender Policy Framework (SPF) is a widely used email authentication protocol designed to detect and prevent email spoofing. SPF works by allowing domain owners to specify which mail servers are authorized to send emails on their behalf. When a receiving email server receives an email, it checks the domain's SPF record to verify if the sending mail server is authorized to send emails for that domain.

However, the SPF protocol can be vulnerable to spoofing attacks. One example of this is Sender ID spoofing, which can occur when an attacker forges the "From" address in an email to make it appear as if it was sent by a trusted sender. To do this, the attacker can modify the SMTP envelope sender, which is used to specify the sender's address in the email header.

I found:
Screenshot:
The email I received:
Attack Scenario:

An attacker will send phishing mail or any other malicious mail to the victim via mail: sonicp...@googlegroups.com. Even if the victim is aware of phishing attacks, he will check the origin email, which will be sonicp...@googlegroups.com, so he will be sure that it's not fake mail and get trapped by the attacker!

This can be done using any PHP mailer tool like this:

<?php
$to = "VIC...@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]";
$headers = "From: sonicp...@googlegroups.com";
mail($to, $subject, $txt, $headers);
?>

Impact:
The impact of this vulnerability is significant as it can allow attackers to conduct phishing attacks or deliver malicious content to potential targets. It can damage the reputation of legitimate senders and mislead recipients into believing that the email is legitimate.

Remediation:
Implement an SPF record.

References:

Further, I am expecting compensation for a responsible disclosure, and please address the issue. It will be helpful for your website's security, and if you wish we can discuss this further via LinkedIn, Signal, Telegram, Zoom, Skype or Google Meet.

Let me know if you are interested in more vulnerability reports and if you need any help from my end regarding the reported vulnerability :)

Looking forward to your positive response.

Thanks & Best regards
Kam
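The report above describes what SPF does in prose only. The following is an added example (it is not part of Kam's report and not code from the SONiC project): a minimal SPF check_host() evaluated over a constructed, in-memory DNS zone, so it runs offline. It shows what a receiving mail server actually computes for the SMTP envelope-sender domain (the MAIL FROM domain, which is what SPF authenticates; the visible header From is not consulted by SPF itself), and what "No Valid SPF record" means in RFC 7208 terms: the result "none", which leaves the receiver with no policy to enforce. All domain names, addresses and TXT strings below are documentation values constructed for this example; only the ip4, ip6 and all mechanisms are implemented, and the receiver_action() mapping is an illustrative policy, not a standard.

```python
"""Minimal SPF evaluator over a constructed zone (added example, not from the report)."""
import ipaddress

# Constructed zone: domain -> list of TXT strings. Not real DNS data.
CONSTRUCTED_ZONE = {
    # Authorised senders listed explicitly; everything else hard-fails.
    "protected.example": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    # Same idea, but unlisted senders only soft-fail (common during rollout).
    "softfail.example": ["v=spf1 ip4:198.51.100.10 ~all"],
    # TXT records exist, but none is an SPF record: the result will be "none".
    "no-spf.example": ["site-verification=abc123"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_records(domain, zone):
    """Return the TXT strings for `domain` that start with the v=spf1 version tag."""
    return [r for r in zone.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]


def check_host(ip, domain, zone=CONSTRUCTED_ZONE):
    """Evaluate the SPF policy of `domain` for a connection from `ip`.

    `domain` is the domain of the SMTP envelope sender (MAIL FROM).
    Returns one of: none, pass, fail, softfail, neutral, permerror.
    """
    records = spf_records(domain, zone)
    if not records:
        return "none"          # no policy published: nothing to enforce
    if len(records) > 1:
        return "permerror"     # RFC 7208 4.5: more than one record is an error
    sender = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"        # an unqualified mechanism means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, value = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix length
            if sender.version == network.version and sender in network:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include, exists and redirect= need DNS lookups; unsupported here.
        return "permerror"
    return "neutral"           # no mechanism matched and no trailing "all"


def receiver_action(result):
    """Illustrative receiving policy derived from the SPF result alone."""
    return {
        "pass": "accept",
        "fail": "reject",
        "softfail": "accept-and-mark",
        "neutral": "accept",
        "none": "accept",       # no record: SPF cannot protect this domain
        "permerror": "accept-and-mark",
    }[result]


if __name__ == "__main__":
    cases = [
        ("192.0.2.55", "protected.example"),
        ("203.0.113.9", "protected.example"),
        ("2001:db8:1::1", "protected.example"),
        ("203.0.113.9", "softfail.example"),
        ("203.0.113.9", "no-spf.example"),
    ]
    for ip, dom in cases:
        res = check_host(ip, dom)
        print(f"{ip:>14}  {dom:<18}  {res:<9}  -> {receiver_action(res)}")
```

The "no-spf.example" case is the situation the report describes: with no v=spf1 record the evaluation returns "none" and a receiver has no basis to reject a forged envelope sender. Publishing a record with an explicit -all (or ~all while validating) is what turns the same connection into "fail" or "softfail". Note that the forged header From shown in the PHP snippet is only tied to SPF/DKIM results by DMARC alignment, so an SPF record alone does not stop header-From spoofing at receivers that do not evaluate DMARC.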
