#secconsult — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #secconsult, aggregated by home.social.
-
After having been informed by @mathieui that #Exim is also affected, I compiled a list of what #SECConsult documented and what has been found out in the meantime. SEC Consult documented 11 mail systems (software and/or providers; many with millions of accounts) vulnerable to some form of #SMTPSmuggling. But they only informed 3. With #Exim also vulnerable (apparently presumed "clean" by SEC Consult), the list is now 12.
https://netfuture.ch/2023/12/smtp-smuggling-status/ -
Everyone attending #SECConsult #TimoLongin's #37c3 #SMTPSmuggling talk
https://events.ccc.de/congress/2023/hub/en/event/smtp_smuggling_spoofing_e-mails_worldwide/
at least boo them for shitting the devs in the face right before holidays. -
@moanos
I can't remember a C3-Talk where #eggs or rotten #tomatoes were thrown at the presenter. That would be a first, IMHO.
#37C3 #SMTPsmuggling #SECconsult -
E-mails that smuggle e-mails and thereby enable phishing mails!? No fun for postmasters shortly before the Christmas holidays. - We show what this is actually about and what admins and postmasters can do now.
#SMTP #smuggling #Postfix #Mailserver #Postmaster #MTA #Spoofing #SMTPSmuggling #SECconsult
https://www.heinlein-support.de/blog/smtp-smuggling-aka-postmasters-weihnachtsstress
-
Some additional links:
The blog post describing the attack:
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Security advisory by #Postfix, clearly pissed:
https://www.postfix.org/smtp-smuggling.html
Some reactions from across the fedi:
https://zombofant.net/@jssfr/111618969359339789
https://gay-pirate-assassins.de/@moanos/statuses/01HJ8D8XQ7ZJ89HN4TZFZZ9AS8
https://waldvogel.family/@marcel/111622567290149119
As Timo clearly likes getting recognition for his work, I for one will be remembering his name, and the name of #SECConsult, his employer, for giving us this Christmas present. 💝
Thanks Timo. Now get off the fucking stage.
-
A few days before all system administrators retreat to their families for their well-earned Christmas holidays, SEC Consult drops the bombshell: the anti-spam measures of the most widely used mail servers can be bypassed, and even the lecture tour about it is already planned. Only: the most widely used mail server knows nothing about it, and its users are unprotected.
#SMTP #SMTPSmuggling #Postfix #SECconsult #disclosure
https://dnip.ch/2023/12/22/nicht-wirklich-responsible-disclosure-die-extraportion-spam-ueber-die-festtage/ -
"🚨 Multiple Vulnerabilities Unveiled in SAP® Enable Now Manager 🚨"
SEC Consult has disclosed multiple vulnerabilities in SAP® Enable Now Manager, which could potentially allow a remote, unauthenticated attacker to create new administrative user accounts by exploiting a chain of vulnerabilities. The vulnerabilities include Open Redirect, Reflected Cross Site Scripting (XSS), and Insufficient Cross-Site Request Forgery (CSRF) Protection. The vendor has pushed a fix in the May 2023 Release for the Cloud Edition.
🔗 Source: Full Disclosure Mailing List
🔗 Advisory URL: SEC Consult
Tags: #SAP #Vulnerability #CyberSecurity #InfoSec #XSS #CSRF #OpenRedirect #SECConsult #CyberAttack #PatchUpdate 🌐🔐🔍
👥 Researchers: Paul Serban, Fabian Hagg from SEC Consult Vulnerability Lab (SEC Consult)