First published: Thu May 10 2018
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | >=8.7.0<=8.7.11 | |
Synacor Zimbra Collaboration Suite | >=8.8<8.8.8 | |
Synacor Zimbra Collaboration Suite | =8.6.0 | |
The vulnerability ID is CVE-2018-10949.
The severity of CVE-2018-10949 is medium (5.3).
The Zimbra Collaboration Suite versions 8.8 before 8.8.8, 8.7 before 8.7.11.Patch3, and 8.6 are affected by CVE-2018-10949.
The vulnerability in mailboxd allows account enumeration by leveraging a discrepancy between the 'HTTP 404 - account is not active' and 'HTTP 401 - must authenticate' errors.
Yes, a patch is available for CVE-2018-10949.