182 – Email spoofing

Description

The absence of DMARC records could allow spoofing of the email domain.

Impact

Send unauthorized emails from the domain of the company, supplanting their identity and facilitating the realization of phishing attacks.

Recommendation

Configure a DMARC record with policies suitable for the domain.

Threat

Anonymous attacker from Internet

Expected Remediation Time

120 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: H
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 062 - Define standard configurations
• 273 - Define a fixed security suite

Fixes

• Go
• Java
• Scala

Last updated

2024/02/15