Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
vulnerabilitys/Zimbra 8.8.15 zmprove ca command
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
74 lines (74 sloc)
1.94 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| > Hi everyone. | |
| > | |
| > [Suggested description] | |
| > Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login | |
| > randomly created password (from the "zmprove ca" command). It is visible | |
| > in cleartext on port UDP 514 (aka the | |
| > Syslog port). | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Vulnerability Type] | |
| > Incorrect Access Control | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Vendor of Product] | |
| > Zimbra | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Affected Product Code Base] | |
| > Zimbra Collaboration Open Source - Zimbra 8.8.15 | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Affected Component] | |
| > "zimbra/zmprove ca" command | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Attack Type] | |
| > Remote | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Impact Escalation of Privileges] | |
| > true | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Impact Information Disclosure] | |
| > true | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [CVE Impact Other] | |
| > Default user/password | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Attack Vectors] | |
| > when an user created with "zmprove ca" command in zimbra, a random | |
| > password will generate with it. but, when an eavesdropper listening to | |
| > port UDP 514 aka Syslog port, the password can be seen in clear text | |
| > with "COMMAND=zimbra/zmprove ca username and password" format. admin | |
| > can active most change password option but it's not enough. | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Reference] | |
| > https://medium.com/@soheil.samanabadi/zimbra-8-8-15-zmprove-ca-command-incorrect-access-control-8088032638e | |
| > https://www.zimbra.com/downloads/ | |
| > https://wiki.zimbra.com/wiki/Security_Center | |
| > https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | |
| > | |
| > ------------------------------------------ | |
| > > [Timelines] | |
| > 1. Report to Zimbra on Jun, 2022 | |
| > | |
| > [Discoverer] | |
| > Soheil Samanabadi , Ali Ahmadi | |
| > linkedin.com/in/soheil-samanabadi/ | |
| > ali.ahmadi@umz.ac.ir | |
| CVE-2022-32294. |