Handy FB Scripts

Free FB Extensions

Social Applications
Free Social Applications
Neww
Social Media Scripts

G+,LinkedIn & Other

VMWare Zimbra Mailer Release 8.6.0.GA Replay Attack

Hi@all,

VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions
with DKIM implementation are vulnerable to longterm Mail Replay attacks.

If the expiratio Hi@all,

VMWare Zimbra Mailer Release 8.6.0.GA, latest patch and prior versions
with DKIM implementation are vulnerable to longterm Mail Replay attacks.

If the expiration header is not set, the signature never expires. This
means, that the e-mail, perhaps catched while performing a man in the
middle attack, can be replayed years after catching it.

This can be combined with the spoofed reply-to header field, because the
header field is not hashed by Zimbras DKIM implementation.

Supporter of vulnerability analysis: Steffen Mauer @this point I want to
thank Steffen for his good work =)

Background:
To configure DKIM with VMware Zimbra the official documentation advises
the administrator to use the zimbra management tools. With the
management tools there is no possibility to add custom Header’s for
hashing it with DKIM or for setting the expiration DKIM Header.
(https://wiki.zimbra.com/wiki/Configuring_for_DKIM_Signing)

________________________________________
PoC Headerpart:
The DKIM Implementation implements the following DKIM Header:
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=0mail.org;
s=76820800-C732-11E5-858E-A0DD11F66BE4; t=1454147943;
bh=c/tw0mGbL980zPjwnIKgPM7ubA7wLOVGbMr3y9WADOY=;
h=From:Content-Type:Content-Transfer-Encoding:Subject:Message-Id:
Date:To:Mime-Version;
b=c8dL4dRpnjMeV2OxFbz+1Z2n49PDlUx+XsiodKvmAOh1znOxRW3NDKYk7Bwmlw453
04uFAwLsBl7M1u7mxr/wdp4fZTEQtfJhhUonNJMKDBOxTdiQPOLhcVKC2tEaSLyKpq
Rvtp9ECFFqHstyRHk57UOzMi8PMRusl8lP5B43kY=
________________________________________
Report Timeline:

There has been no response from VMware for 14 Days.


Best regards / Mit freundlichen Grüßen

Tim Schughart
IT Security engineer

ProSec Networks
Website: https://www.prosec-networks.com
E-Mail: info@prosec.networks.com
Phone: +49(0) 2621 9469 252

Print Email

Copyright © 2016 Twitter/shreateh