PT-2020-10763 · Openspf+1 · Pypolicyd-Spf+1

Jianjun · Published 2020-04-27 · Updated 2022-11-16 · CVE-2019-20790

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenDMARC versions 1.3.2 and 1.4.x
Description: The issue allows attackers to bypass SPF and DMARC authentication when the HELO field is inconsistent with the MAIL FROM field, specifically when OpenDMARC is used with pypolicyd-spf 2.0.2.
Recommendations: For OpenDMARC versions 1.3.2 and 1.4.x, update pypolicyd-spf to a version later than 2.0.2 to mitigate the risk of SPF and DMARC authentication bypass. As a temporary workaround, consider restricting the use of the HELO field to minimize the risk of exploitation.
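The bypass described above hinges on an SPF pass being evaluated for one identity (HELO) while DMARC alignment must be judged on the other (MAIL FROM). The following added example, written for this page and not code from OpenDMARC or pypolicyd-spf, is a small triage check a mail administrator can run over the Authentication-Results header (RFC 8601 `spf=` clause with `smtp.mailfrom` / `smtp.helo` properties) of delivered messages to flag results that would be unsafe to feed into DMARC alignment: an SPF pass that covers only the HELO identity, a MAIL FROM domain that does not match the envelope sender, or a HELO hostname inconsistent with the MAIL FROM domain. The header samples and function names are constructed assumptions, not taken from the advisory.

```python
import re

# Constructed sample Authentication-Results values (not from the advisory).
AR_PASS_MAILFROM = "mx.example.org; spf=pass smtp.mailfrom=sender@example.org smtp.helo=mail.example.org"
AR_PASS_HELO_ONLY = "mx.example.org; spf=pass smtp.helo=mail.other.example; dkim=none"
AR_PASS_HELO_INCONSISTENT = "mx.example.org; spf=pass smtp.mailfrom=sender@example.org smtp.helo=mx.other.example"


def parse_spf_clause(auth_results):
    """Return (result, props) for the first 'spf=' clause of an
    Authentication-Results value, or None if there is no SPF clause.
    Clauses are ';'-separated; properties are 'ptype.pname=value' tokens.
    Parenthesised comments are not handled in this simplified parser."""
    for clause in auth_results.split(";"):
        tokens = clause.split()
        if not tokens or not tokens[0].lower().startswith("spf="):
            continue
        result = tokens[0][len("spf="):].lower()
        props = {}
        for token in tokens[1:]:
            if "=" in token:
                key, value = token.split("=", 1)
                props[key.lower()] = value
        return result, props
    return None


def _domain_of(identity):
    """Domain part of an address ('user@dom' -> 'dom'); a bare hostname is returned as-is."""
    return identity.rsplit("@", 1)[-1].lower().rstrip(".")


def check_spf_for_dmarc(auth_results, envelope_from):
    """Classify an SPF result before it is used for DMARC alignment.

    Returns one of:
      'no-spf'              no spf= clause present
      'spf-<result>'        SPF result other than pass (fail, softfail, none, ...)
      'helo-only'           pass was computed for the HELO identity only; it must
                            not be taken as a MAIL FROM pass for DMARC alignment
      'mailfrom-mismatch'   smtp.mailfrom domain differs from the envelope sender
      'helo-inconsistent'   MAIL FROM aligned, but HELO hostname is neither the
                            MAIL FROM domain nor a subdomain of it (review signal)
      'aligned'             pass on MAIL FROM, consistent with the envelope sender
    """
    parsed = parse_spf_clause(auth_results)
    if parsed is None:
        return "no-spf"
    result, props = parsed
    if result != "pass":
        return "spf-" + result

    mailfrom = props.get("smtp.mailfrom")
    helo = props.get("smtp.helo")
    env_domain = _domain_of(envelope_from)

    if mailfrom is None:
        # Only the HELO identity was checked: no MAIL FROM pass exists to align on.
        return "helo-only"
    if _domain_of(mailfrom) != env_domain:
        return "mailfrom-mismatch"
    if helo is not None:
        helo_domain = _domain_of(helo)
        if helo_domain != env_domain and not helo_domain.endswith("." + env_domain):
            return "helo-inconsistent"
    return "aligned"


if __name__ == "__main__":
    for label, header in [("mailfrom", AR_PASS_MAILFROM),
                          ("helo-only", AR_PASS_HELO_ONLY),
                          ("helo-inconsistent", AR_PASS_HELO_INCONSISTENT)]:
        print(label, "->", check_spf_for_dmarc(header, "sender@example.org"))
```

DMARC itself only requires the RFC5321.MailFrom identity to align, so `helo-inconsistent` is a review signal rather than a failure; `helo-only` is the verdict that matters for this advisory, since a HELO-only pass carries no MAIL FROM result that a DMARC evaluator may legitimately treat as aligned.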

Weakness Enumeration

Authentication Bypass by Spoofing

Related Identifiers

CVE-2019-20790
MGASA-2021-0462

Affected Products

Opendmarc
Pypolicyd-Spf