Jump to content
xisto Community
Sign in to follow this  
tansqrx

Yahoo's Zimbra Service Sent Passwords In Cleartext

Recommended Posts

During the University Yahoo! Hack Days (https://developer.yahoo.com/hacku/) a developer discovered or announced a vulnerability in Zimbra (http://forums.xisto.com/no_longer_exists/) that sent the password as cleartext over the network (https://www.cnet.com/news/yahoos-zimbra-e-mail-program-exposes-passwords/). The vulnerability has already been fixed (https://www.cnet.com/news/yahoo-to-fix-password-exposure-problem-in-zimbra/) but it is recommended that if you used Zimbra, you should change your Yahoo! password.

 

From my standpoint this was surely a big goof for Yahoo! but I donât think it will yield any substantial results. Before this article I had never heard of Zimbra and the attack is only possible if you can tap into the network between the user and Yahoo! (man in the middle attack). Unless you have a highly targeted attack is it doubtful that this will yield any Yahoo! credentials.

 

The thread at http://forums.xisto.com/topic/96078-topic/?findpost=1064393724 may also tie into this.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.