Security News > 2022 > June > Zimbra bug allows stealing email logins with no user interaction
Technical details have emerged on a high-severity vulnerability affecting certain versions of the Zimbra email solution that hackers could exploit to steal logins without authentication or user interaction.
A fix has been published in Zimbra versions ZCS 9.0.0 Patch 24.1 and ZCS 8.8.15 Patch 31.1, available since May 10, 2022.
Memcached is an internal-service instance that stores key/value pairs for email accounts to improve Zimbra's performance by reducing the number of HTTP requests to the Lookup Service.
When the real user logs in, the Nginx Proxy in Zimbra would forward all IMAP traffic to the attacker, including the credentials in plain text.
A second exploitation technique allows bypassing the above restrictions to steal credentials for any user with no interaction and without any knowledge about the Zimbra instance.
It's worth noting that Zimbra released ZCS 9.0.0 Patch 25 and ZCS 8.8.15 Patch 32 updates yesterday with an update to OpenSSL 1.1.1n, which addresses an infinite loop vulnerability causing a denial of service, tracked as CVE-2022-0778.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-15 | CVE-2022-0778 | Infinite Loop vulnerability in multiple products The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. | 7.5 |