[#14748] mailsploit vulnerability
Summary mailsploit vulnerability
Queue IMP
Queue Version 6.2.21
Type Bug
State Unconfirmed
Priority 1. Low
Owners
Requester sca@andreasschulze.de
Created 2017-12-05 (680 days ago)
Due
Updated 2017-12-06 (679 days ago)
Assigned
Resolved
Milestone
Patch No

Comments
sca@andreasschulze.de 2017-12-05 21:47:17
many client are affected by 'mailsploit': https://www.mailsploit.com/index

Basically the attacker uses special characters inside encoded words to 
spoof the sender:

From: 
=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com

Such header naively decoded incorrectly is:
potus@whitehouse.gov\0potus@whitehouse.gov@mailsploit.com

IMP fail to decode / parse the RFC5322.From Header correctly

sca@andreasschulze.de 2017-12-06 12:23:31
> many client are affected by 'mailsploit': https://www.mailsploit.com/index
>
> Basically the attacker uses special characters inside encoded words 
> to spoof the sender:
>
> From: 
> =?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com
>
> Such header naively decoded incorrectly is:
> potus@whitehouse.gov\0potus@whitehouse.gov@mailsploit.com
>
> IMP fail to decode / parse the RFC5322.From Header correctly


there is a MAAWG Recommendation document:
https://www.m3aawg.org/sites/default/files/m3aawg-unicode-best-practices-2016-02.pdf