Security consideration: math symbols in an exotic IP address format in a phishing mail
marius.spix at web.de
Sat May 16 18:43:17 CDT 2020
Today I received an interesting phishing mail which had a URL
containing mathematical bold numbers. Interestingly, the address
𝟎𝟓𝟔𝟕𝟏𝟑𝟔𝟎𝟑𝟎𝟐 was interpreted as an octal number 05671360302, which is
another spelling for 184.108.40.206. This worked for both Firefox and
Chrome. I don’t know why such an address is accepted in the authority
part of an HTTPS URI of current browsers. Section 7.4 in RFC 3986 states
that additional IP address formats can become a security concern, but
it also says that literals should be converted to numeric form.
I wonder if this case should be added to UTR #36.
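The two steps that make this work can be reproduced outside a browser. The WHATWG URL host parser first maps compatibility characters in the host to ASCII (UTS #46 processing, which turns MATHEMATICAL BOLD DIGIT ZERO into "0"), and only then runs its IPv4 parser, which accepts a leading "0" as octal, "0x" as hex, and fewer than four dot-separated parts. The script below is an added illustration written for this archive page, not code from the poster or from any browser: it uses NFKC normalization as a stand-in for the UTS #46 mapping step (an approximation, labelled as such), reimplements the IPv4 number rules from the WHATWG URL standard, and runs them over the bold-digit host from the mail plus a constructed bold-digit host built to land on the loopback address. The helper names (`to_bold`, `host_to_ascii`, `parse_ipv4`, `resolve_host`) are this example's own.

```python
import unicodedata

MATH_BOLD_ZERO = 0x1D7CE  # U+1D7CE MATHEMATICAL BOLD DIGIT ZERO .. U+1D7D7 NINE


def to_bold(ascii_digits: str) -> str:
    """Constructed helper: spell an ASCII digit string with mathematical bold digits."""
    return "".join(chr(MATH_BOLD_ZERO + int(d)) if d.isdigit() else d for d in ascii_digits)


# Host taken from the post above (bold digits for 05671360302).
PHISHING_HOST = to_bold("05671360302")
# Constructed sample for a safe demonstration: octal 017700000001 == 0x7F000001.
BOLD_LOOPBACK = to_bold("017700000001")


def host_to_ascii(host: str) -> str:
    """Approximate the UTS #46 mapping step with NFKC: compatibility digits -> ASCII."""
    return unicodedata.normalize("NFKC", host).lower()


def parse_ipv4_number(part: str):
    """WHATWG 'IPv4 number parser': 0x -> hex, leading 0 -> octal, else decimal.
    Returns None when the part is not a number in the detected radix."""
    if part == "":
        return None
    radix = 10
    if len(part) >= 2 and part[:2] in ("0x", "0X"):
        part, radix = part[2:], 16
    elif len(part) >= 2 and part[0] == "0":
        part, radix = part[1:], 8
    if part == "":
        return 0
    allowed = {10: "0123456789", 16: "0123456789abcdefABCDEF", 8: "01234567"}[radix]
    if any(c not in allowed for c in part):
        return None
    return int(part, radix)


def parse_ipv4(host: str):
    """WHATWG 'IPv4 parser': up to four parts, last part absorbs the missing octets.
    Returns the 32-bit address as an int, or None if host is not an IPv4 literal."""
    parts = host.split(".")
    if parts and parts[-1] == "":
        parts.pop()  # a single trailing dot is tolerated
    if not parts or len(parts) > 4:
        return None
    numbers = []
    for p in parts:
        n = parse_ipv4_number(p)
        if n is None:
            return None
        numbers.append(n)
    if any(n > 255 for n in numbers[:-1]):
        return None
    if numbers[-1] >= 256 ** (5 - len(numbers)):
        return None
    ipv4 = numbers[-1]
    for i, n in enumerate(numbers[:-1]):
        ipv4 += n * 256 ** (3 - i)
    return ipv4


def dotted(n: int) -> str:
    """Render a 32-bit int as the canonical dotted quad."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def resolve_host(host: str):
    """Full pipeline: map to ASCII, then try the IPv4 parser.
    Returns the dotted quad a browser would connect to, or None for a DNS name."""
    n = parse_ipv4(host_to_ascii(host))
    return dotted(n) if n is not None else None


if __name__ == "__main__":
    for h in (PHISHING_HOST, BOLD_LOOPBACK, "0x7f.1", "2130706433", "example.com"):
        print(repr(h), "->", host_to_ascii(h), "->", resolve_host(h))
```

A defensive URL scanner or mail filter that compares hosts as raw strings sees ten bold digits and no dots, so it never treats the host as an IP literal; normalising the host and canonicalising it through the same IPv4 rules the browser uses (as `resolve_host` does) is what lets the filter classify the link the way the browser will.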