Summary: A newly identified technique called SMTP smuggling poses a significant threat to email security by exploiting vulnerabilities in Microsoft Exchange Online, GMX, and Cisco Secure Email Gateway servers. Researchers at SEC Consult have discovered that this method allows attackers to bypass Domain-based Message Authentication, Reporting, and Conformance (DMARC) as well as other email protections. By manipulating the Simple Mail Transfer Protocol (SMTP), cybercriminals can send convincing phishing emails with fake sender addresses, creating a high risk of targeted attacks.
Details: SMTP smuggling, a part of the “smuggling vulnerability” family, takes advantage of differing interpretations of the SMTP protocol. By exploiting zero-day flaws in messaging servers, attackers can send malicious emails from millions of domains to millions of SMTP servers. While Microsoft and GMX have patched their vulnerabilities, a potential misconfiguration in Cisco Secure Email remains unaddressed.
How SMTP Smuggling Works: SMTP smuggling manipulates the “<CR><LF>.<CR><LF>” end-of-data code sequence used in messaging. Attackers can break out of message data, specify arbitrary SMTP commands, and even send separate emails. This allows them to create emails that pass through typical checks by email protection protocols like DMARC, SPF, and DomainKeys Identified Mail (DKIM).
Affected Systems: Microsoft Exchange Online is susceptible to smuggling from domains pointing their SPF record to Exchange Online. GMX and Ionos email services are also affected, allowing SMTP smuggling from approximately 1.35 million different domains. The Cisco Secure Email Gateway flaw affects over 40,000 instances, enabling attackers to send spoofed emails to high-value targets such as Amazon, PayPal, and eBay.
Mitigation: Microsoft and GMX promptly addressed their vulnerabilities, but Cisco sees the identified flaw as a feature and won’t issue a warning to customers. Organizations using Cisco Secure Email Gateway are advised to change the default settings for “CR and LF Handling” to enhance protection.
Recommendations: Organizations should conduct regular security tests against their infrastructure to identify vulnerabilities and stay vigilant against emerging threats. Periodic awareness training for employees is crucial to avoid compromises through phishing attacks.
Conclusion: SMTP smuggling poses a serious risk to email security, allowing attackers to craft convincing phishing emails that can evade traditional email protections. With the potential for targeted attacks and the exploitation of major email servers, organizations must stay proactive in securing their email infrastructure and educating employees about emerging threats.
Introduction: In the early hours of January 5, the cryptocurrency community was abuzz with speculation…
Since 2019, the Operation Triangulation spyware has targeted iPhone devices, exploiting undocumented features within Apple…
The Challenge: CVE-2023-38545 In the world of digital security, a formidable adversary has emerged -…
Alert: Safeguard Your Confluence for an Urgent Upgrade! Advisory Release Date: Wednesday, Oct 4th, 2023,…
Curl, which relies on libcurl, is a widely-used command-line tool for transferring data via URL…
Introduction: In the realm of Linux security, a new vulnerability known as "Looney Tunables," officially…
This website uses cookies.
