
Dkim-signature body hash not verified office 365

Sammy the sender is sending email to Rita the recipient. I know Sammy will apply a DKIM signature to the email and Rita is going to check the DKIM signature with a DKIM validator. I want to modify the email so that the header values that are displayed in Rita's mail client differ from what was DKIM signed, but I still want the email Rita receives to appear to be DKIM-verified when passed through a DKIM validator. Can this be done? How much can an attacker modify?

So far I have learned of three techniques to do this:

Add new header. Add a header that wasn't present in the original email and isn't included in the DKIM signature. That header will likely still be displayed by Rita's email client even though it's not included in the DKIM signature.

Add multiple versions of the same header, with a different value. DKIM will only check the last one; if the email client displays the first one, then a successful attack becomes possible. To be more specific, place a malicious header - say, a From: header with a malicious value - before the DKIM header. If I understand correctly, the DKIM signature only covers headers after the DKIM header, so the signature will appear to be valid despite the fact that the malicious header value wasn't signed. Credit: Thanks to Robert Graham for pointing out this trick.

Add content after signed section. RFC 6376 points out a more obscure attack, if the DKIM header in the original email uses a l= tag (most ordinary emails usually don't) and uses it incautiously. Probably not relevant in most situations.

Each one of these has limitations on what the attacker can achieve. Are there any other attacks I've overlooked?

First, nice question. I've checked how Thunderbird behaves by modifying an existing mail and it actually takes the first headers for display of From, To and Subject while the DKIM signature mechanism starts from the end :(. Thus the DKIM signature is considered valid even though From, To and Subject are spoofed. Interestingly the first From line is only used in the mail view while in the list view of all mails it shows the last From line.

As for other attacks or how the attacks you've described can be used in a way you might not have realized:

There are some mail headers which have interesting side effects and often these headers are not fully protected (i.e. protected against change or against adding a new header). Notably Content-Type and Content-Transfer-Encoding have special meaning on how the content gets interpreted. Manipulating these headers can have interesting effects. For example having a Content-Type multipart with a non-existing boundary causes Thunderbird to no longer show the original text of the mail but instead a blank content. When combined with spoofing the Subject ("download update from hxxp://.") and/or the Reply-To this unexpected blank content can be used for a social attack.

Example:
Subject: Blank mail? Download hotfix for your mail client at
Content-type: multipart/mixed; boundary=boundary_does_not_exist

Similarly, changing Content-Transfer-Encoding to base64 for non-multipart content can cause it to display only gibberish, which can likewise be used in a social attack.

Example:
Subject: Mail corrupt? Download hotfix for your mail client at
Content-Transfer-Encoding: base64

If the DKIM signature uses l= to limit how many lines are used in the body hash one can also "replace" the content of mail by changing (or adding) the Content-type to some multipart type with a special boundary. The boundary is then designed to skip over the existing content included in the hash, which will be treated as the preamble for the new MIME parts (and thus will not be shown).

Example:
Content-type: multipart/mixed; boundary=my_own_boundary

Here is the original content, no matter if single part or multipart
This is the last line included in the body hash

Actually I was surprised how many DKIM signatures with l= I've found in my mailbox. Notably mails from use(d?) this feature and I've used one to successfully replace the content in the way I described while keeping the signature valid.

Apart from modifying an existing mail from Sammy the attacker might also be able to create a new mail to Rita which looks like it came from Sammy. This can be done by creating a mail with a valid DKIM signature and then adding a faked From header on top. If Rita just checks if the DKIM signature is valid she will not see any problems.
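As an added example (not part of the question or answer above), this Python check implements the verifier-side mitigation the thread points at: instead of stopping at "signature valid", it reports which displayed headers the h= tag leaves unsigned or lists fewer times than they occur (so an added copy sits outside the signature), and whether l= is in use. The sample message, domains and the bh=/b= placeholder values are constructed, and the RFC 6376 oversigning rule is the standard's, not the thread's.

```python
# Added example, not code from the thread: audit which headers a DKIM signature
# protects. Sample message and placeholder tag values below are constructed.
import email
import re

# Headers a mail client displays or uses to interpret the body (all named above).
DISPLAY_HEADERS = ("from", "to", "subject", "reply-to",
                   "content-type", "content-transfer-encoding")

def parse_dkim_tags(value):
    """Split a DKIM-Signature value into tag -> value, folding whitespace removed."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags

def audit_header_coverage(raw):
    """Flag headers occurring more often than h= lists them (an unsigned extra
    copy), display headers h= omits, and use of the l= body limit. RFC 6376
    lets signers list a name once more than it appears so an added copy breaks
    the signature; this finds where that protection is missing."""
    msg = email.message_from_string(raw)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return {"error": "no DKIM-Signature header"}
    tags = parse_dkim_tags(sig)
    signed = [h.lower() for h in tags.get("h", "").split(":") if h]
    findings = {"undersigned": [], "unsigned": [], "body_length_limited": "l" in tags}
    for name in sorted(set(signed) | set(DISPLAY_HEADERS)):
        present = len(msg.get_all(name) or [])
        listed = signed.count(name)
        if present and listed == 0:
            findings["unsigned"].append(name)      # displayed, never signed
        elif present > listed > 0:
            findings["undersigned"].append(name)   # extra copy outside the signature
    return findings

# Constructed sample: a second From: and a Content-Type: prepended to a signed mail.
SAMPLE = """From: attacker@example.invalid
Content-Type: multipart/mixed; boundary=boundary_does_not_exist
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel; l=120;
 h=from:to:subject; bh=BODYHASH_PLACEHOLDER; b=SIGNATURE_PLACEHOLDER
From: sammy@example.com
To: rita@example.net
Subject: Hello

original body
"""
```

Running `audit_header_coverage(SAMPLE)` reports `from` as undersigned, `content-type` as unsigned and `body_length_limited` as true; a mail whose h= lists `from` twice and omits l= comes back clean.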
