First published: Mon Jul 11 2022(Updated: )
** DISPUTED ** Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | =8.8.15 | |
=8.8.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-32294 is a vulnerability in Zimbra Collaboration Open Source 8.8.15 that allows the initial-login randomly created password to be visible in cleartext on port UDP 514.
The severity of CVE-2022-32294 is critical with a CVSS score of 9.8.
CVE-2022-32294 affects Zimbra Collaboration Open Source 8.8.15 by not encrypting the initial-login randomly created password, making it visible in cleartext on port UDP 514.
There is currently no known fix for CVE-2022-32294 in Zimbra Collaboration Open Source 8.8.15.
CWE-863 is a weakness classification related to incorrect authorization.