Description
Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/97290
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/62407
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-09/0063.html
Scores
EPSS
0.0138
EPSS Percentile
68.8%
Details
CWE
CWE-287
Status
published
Products (16)
synacor/zimbra_collaboration_suite
6.0.0
synacor/zimbra_collaboration_suite
6.0.1
synacor/zimbra_collaboration_suite
6.0.2
synacor/zimbra_collaboration_suite
6.0.3
synacor/zimbra_collaboration_suite
6.0.4
synacor/zimbra_collaboration_suite
6.0.5
synacor/zimbra_collaboration_suite
6.0.6
synacor/zimbra_collaboration_suite
6.0.7
synacor/zimbra_collaboration_suite
6.0.8
synacor/zimbra_collaboration_suite
6.0.9
... and 6 more
Published
Sep 23, 2013
Tracked Since
Feb 18, 2026