A new vulnerability has been disclosed in the Zimbra email suite that, if exploited successfully, could enable an unauthenticated attacker to steal users' cleartext passwords.
• A new vulnerability has been disclosed in the Zimbra email suite that allows an unauthenticated attacker to steal users' credentials without any user interaction.
• The attacker can consequently access victims' mailboxes, potentially escalate their access to the targeted organizations, gain access to various internal services, and steal highly sensitive information.
• With mail access, attackers can reset passwords, impersonate their victims, and silently read all private conversations within the targeted company.
• The vulnerability impacts Zimbra releases 8.8.x and 9.x in both the open-source and the commercial versions of the platform.