Introduction
Visit www.openspf.org for more information on this technology. Method It is held within a TXT record for the domain. You can query this with the host command under Linux/POSIX. $ host -t txt [victim].com [victim].com descriptive text "v=spf1 a mx include:[victim].com" Recommendation Consider adding SPF records to allow MX records to send email. SPF helps prevent forging of the FROM address on the receiver end. Customer MTAs which support SPF will reject fraudulent emails because the SPF record will not match the spammers IP source addresses when forging @[victim].com FROM addresses. Introduction
The version of Outlook Web Access contains a URL redirection vulnerability. However, this would require user interaction to be abused such as embedded URL within an email that is clicked on. Method It is possible to provide an arbitrary "url" value. http://mail.[victim].com/exchweb/bin/auth/owalogon.asp?url=http://[attacker]/Exchange&reason=0 Recommendation Informational only. Microsoft expects this to be resolved in Exchange 2007. |
Archives
September 2017
Categories
All
|
|
|