6.0.0-beta1
10/23/25

[#14748] mailsploit vulnerability
Summary mailsploit vulnerability
Queue IMP
Queue Version 6.2.21
Type Bug
State Unconfirmed
Priority 1. Low
Owners
Requester sca (at) andreasschulze (dot) de
Created 12/05/2017 (2879 days ago)
Due
Updated 12/06/2017 (2878 days ago)
Assigned
Resolved
Github Issue Link
Github Pull Request
Milestone
Patch No

History
12/06/2017 12:23:31 PM sca (at) andreasschulze (dot) de Comment #2 Reply to this comment

[Show Quoted Text - 12 lines]
there is a MAAWG Recommendation document:
https://www.m3aawg.org/sites/default/files/m3aawg-unicode-best-practices-2016-02.pdf

12/05/2017 09:47:17 PM sca (at) andreasschulze (dot) de Comment #1
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ mailsploit vulnerability
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
New Attachment: mailsploit.png Download		 Reply to this comment
many client are affected by 'mailsploit': https://www.mailsploit.com/index

Basically the attacker uses special characters inside encoded words to 
spoof the sender:

From: 
=?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?==?utf-8?Q?=00?==?utf-8?b?cG90dXNAd2hpdGVob3VzZS5nb3Y=?=@mailsploit.com

Such header naively decoded incorrectly is:
potus@whitehouse.gov\0potus@whitehouse.gov@mailsploit.com

IMP fail to decode / parse the RFC5322.From Header correctly
New Ticket
My Tickets
Search
Query Builder
Reports

Saved Queries

Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers