Zimbra E-Mail client vulnerability is as severe as it gets
Technical details have emerged on a highly severe vulnerability affecting certain versions of the Zimbra email server. Hackers might have exploited this bug to steal logins without authentication or any user interaction.
The security issue is tracked as CVE-2022-27924 and impacts Zimbra releases 8.8.x and 9.x for both the open-source and the commercial versions of the platform.
Is there a hotfix?
A hotfix has been published by Zimbra in versions ZCS 9.0.0 Patch 24.1 and ZCS 8.8.15 Patch 31.1. It has been available since May 10, 2022. Zimbra software is used by various organisations worldwide, including those in the government, financial, industrial and educational sectors.
The flaw has been described in a report from researchers at SonarSource, who summarized it as “Memcached poisoning with an unauthenticated request.” Exploitation is possible via a CRLF injection into the username of Memcached lookups.
Memcached is an internal-service instance that stores key/value pairs for email accounts to improve Zimbra’s performance by reducing the number of HTTP requests to the Lookup Service. Memcached sets and retrieves those pairs using a simple text-based protocol.
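The following added example (not code from Zimbra or SonarSource) shows why a CRLF inside a lookup key matters for a line-based text protocol, and one way to neutralise it by deriving the key from a hex digest. The `route:` prefix, the function names and the sample username are assumptions made for illustration.

```python
import hashlib
import re

KEY_PREFIX = "route:"  # hypothetical prefix, not Zimbra's real key layout
# Constructed sample input: a "username" carrying an embedded CRLF.
CONSTRUCTED_USERNAME = "alice\r\nSECOND-LINE"
# memcached text-protocol keys: at most 250 bytes, no whitespace or control characters.
_VALID_KEY = re.compile(r"[\x21-\x7e]{1,250}")


def naive_get_command(username):
    """Vulnerable pattern: user input is pasted straight into the protocol line."""
    return f"get {KEY_PREFIX}{username}\r\n".encode("utf-8")


def safe_get_command(username):
    """Hardened pattern: the key is derived from a hex digest of the input."""
    digest = hashlib.sha256(username.encode("utf-8")).hexdigest()
    key = KEY_PREFIX + digest
    # Defence in depth: fullmatch, because '$' would accept a trailing newline.
    if not _VALID_KEY.fullmatch(key):
        raise ValueError("refusing to send an invalid memcached key")
    return f"get {key}\r\n".encode("ascii")


def lines_seen_by_server(wire):
    """Split a byte stream into lines the way a CRLF-delimited protocol does."""
    return [line for line in wire.split(b"\r\n") if line]


if __name__ == "__main__":
    for build in (naive_get_command, safe_get_command):
        lines = lines_seen_by_server(build(CONSTRUCTED_USERNAME))
        print(build.__name__, len(lines), lines)
```

With the naive builder the server receives two protocol lines for a single lookup; with the hashed key it receives exactly one, whatever bytes the username contains.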
SonarSource has shared a YouTube video demonstrating exploitation of the vulnerability.
The researchers explain that when the mail client restarts or needs to reconnect, which can happen periodically, it will re-authenticate itself to the targeted Zimbra instance.
The Kaduu Team urges you to update your Zimbra version if you use this mail client.