Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets (<>) in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while passing validation, allowing email spoofing even when anti-spoofing protections are in place. NOTE: this is disputed by the Supplier because UI spoofing occurs in a client, not in a server such as MDaemon's product or any other server implementation. Also, if a client without its own spoofing protection must be used, the Header Screening feature in MDaemon's product can be employed to mitigate the client-side vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MDaemon Mail Server 安全漏洞
Vulnerability Description
MDaemon Mail Server是美国MDaemon公司的一个电子邮件服务器软件。 MDaemon Mail Server 23.5.2版本存在安全漏洞,该漏洞源于使用SMTP DATA中From标头的尖括号内电子邮件验证SPF、DKIM和DMARC时存在缺陷,可能导致电子邮件欺骗攻击。
CVSS Information
N/A
Vulnerability Type
N/A