Results 1 to 1 of 1

Thread: Zimbra Desktop (beta) Certificate Validation Issue

  1. #1
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Exclamation Zimbra Desktop (beta) Certificate Validation Issue

    Recently an article was published by a blogger detailing a "Man in the middle" attack against Zimbra Desktop (beta) users. Under the right circumstances, it may be possible for a remote attacker to distinguish a username and password.

    The issue involves how Zimbra Desktop (beta) trusts secure sites. If a malicious party forges a site, Zimbra Desktop currently does not verify the sites identity via an SSL certificate.

    This issue was discovered on September 29, 2008 and has been logged in Zimbra's Bugzilla Database with the Bug ID: Bug 31997 – deal with untrusted certificates

    Zimbra plans on introducing SSL validation in the next release of Zimbra Desktop (beta).

    In the mean time, even though the possibility of exploit is extremely remote, we suggest that those who feel uncomfortable with this bug uninstall Zimbra Desktop (beta) and wait for the next version.

    We also wish to take time to remind all users on the proper procedure for reporting issues to Zimbra. Zimbra takes all security issues very seriously. In order to protect our customers and users who use our free products, we strongly encourage security concerns to be sent to support@zimbra.com.

    If you have ANY questions, please feel free to post in our forums.

    -The Zimbra Team
    Last edited by jholder; 11-23-2008 at 09:25 PM.

Similar Threads

  1. Upgrade to ZCS 5.10
    By blozancic in forum Installation
    Replies: 0
    Last Post: 10-21-2008, 08:03 AM
  2. zimbra install with perpetually broken logger/stats
    By jptech in forum Installation
    Replies: 8
    Last Post: 09-29-2008, 02:33 PM
  3. Replies: 9
    Last Post: 03-01-2008, 07:21 PM
  4. Replies: 16
    Last Post: 09-07-2006, 06:39 AM
  5. Unable to start tomcat
    By chanck in forum Administrators
    Replies: 11
    Last Post: 06-11-2006, 12:58 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •