Sequretek Advisory - Zimbra New Mail Vulnerability
6/21/2022

A new vulnerability has been disclosed in the Zimbra email suite that, if exploited successfully, could enable an unauthenticated attacker to steal users' cleartext passwords.

• A new vulnerability has been disclosed in the Zimbra email suite that allows an unauthenticated attacker to steal user credentials without any user interaction.

• The attacker can consequently access victims’ mailboxes, potentially escalate their access to the targeted organizations, gain access to various internal services, and steal highly sensitive information.

• With mail access, attackers can reset passwords, impersonate their victims, and silently read all private conversations within the targeted company.

• The vulnerability impacts Zimbra releases 8.8.x and 9.x for both the open-source and commercial versions of the platform.
