Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Zimbra_collaboration_suite | Synacor | * | 6.0.16 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.0 (including) | 6.0.0 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.1 (including) | 6.0.1 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.2 (including) | 6.0.2 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.3 (including) | 6.0.3 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.4 (including) | 6.0.4 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.5 (including) | 6.0.5 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.6 (including) | 6.0.6 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.7 (including) | 6.0.7 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.8 (including) | 6.0.8 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.9 (including) | 6.0.9 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.10 (including) | 6.0.10 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.12 (including) | 6.0.12 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.13 (including) | 6.0.13 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.14 (including) | 6.0.14 (including) |
Zimbra_collaboration_suite | Synacor | 6.0.15 (including) | 6.0.15 (including) |