Hello,

 

I consider this new report to be similar to issue #6 which is currently open.

 

Best regards,

-- 

  Thibaud Antignac

  CEA List

 

 

From: security <security-bounces@server.sparta.eu> on behalf of Security Researcher <vaishnaviresearcher@gmail.com>
Date: Thursday 26 November 2020 at 17:41
To: "security@sparta.eu" <security@sparta.eu>
Subject: [security] BUG REPORT

 

Dear Team,

 

I am Vaishnavi Pardeshi, working as a security researcher, and I found a bug in your website. The report of the bug is as follows.

 

a) VULNERABILITY TYPE- SPF RECORD NOT FOUND

 

 

b) HOW TO REPRODUCE(POC-ATTACHED IMAGE):-

 

 

2. Put this "sparta.eu" and click GET SPF RECORD

3. YOU WILL SEE THE FAULT (NO SPF RECORD FOUND)

4. The new page that loads shows NO SPF RECORD FOUND

 

 

c) Impact

 

Not having an SPF (Sender Policy Framework) record for a domain may help an attacker to send spoofed email, which will look like it originated from the real domain. Not only that, but this will also result in emails landing in the SPAM box when SPF is missing.

d) Solution :

 

Enable SPF RECORD

 

Kind regards,

 

Vaishnavi Pardeshi
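
Added example (not part of either e-mail in this thread): a defender-side check that classifies a domain's SPF posture from its TXT records per RFC 7208. It goes beyond the missing-record case reported above to cover duplicate records and weak `all` qualifiers. The function names and sample TXT records are constructed for illustration, and TXT values are assumed to be already fetched and joined into single strings.

```python
# Added example: classify SPF posture from a domain's TXT records (RFC 7208).
# Function names are illustrative; sample records below are constructed.

ALL_QUALIFIERS = {"+": "pass-all", "-": "hardfail", "~": "softfail", "?": "neutral"}


def spf_records(txt_records):
    """Return the TXT strings whose version tag is exactly 'v=spf1'."""
    found = []
    for txt in txt_records:
        value = txt.strip().strip('"')  # dig-style output is quoted
        lowered = value.lower()
        if lowered == "v=spf1" or lowered.startswith("v=spf1 "):
            found.append(value)
    return found


def assess_spf(txt_records):
    """Map a TXT record set to one SPF posture label."""
    records = spf_records(txt_records)
    if not records:
        return "missing"              # the condition reported in the e-mail
    if len(records) > 1:
        return "permerror-multiple"   # more than one SPF record is an error
    redirect = False
    for term in records[0].split()[1:]:
        t = term.lower()
        qualifier = "+"               # default qualifier when none is written
        if t[0] in ALL_QUALIFIERS:
            qualifier, t = t[0], t[1:]
        if t == "all":
            return ALL_QUALIFIERS[qualifier]  # terms after 'all' are ignored
        if t.startswith("redirect="):
            redirect = True
    return "redirect" if redirect else "no-all"  # no 'all': default is neutral


if __name__ == "__main__":
    samples = {  # constructed TXT record sets
        "no SPF": ["google-site-verification=constructed"],
        "strict": ['"v=spf1 mx include:_spf.example.net -all"'],
        "open": ["v=spf1 +all"],
        "duplicate": ["v=spf1 mx ~all", "v=spf1 -all"],
    }
    for name, txt in samples.items():
        print(f"{name:10} -> {assess_spf(txt)}")
```

Only `hardfail` and `softfail` tell receivers to treat unlisted senders as suspect; `missing`, `pass-all`, `neutral` and `no-all` leave the domain without an SPF-based signal against spoofing.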