So I'm not sure if this is a known bug, or what.
Our Zimbra OSE is set up to auth against our Active Directory domain. I've kept the default parameters for cookies as it seemed to be a good idea. Turns out, it was not working how I thought.
A person left the company recently, and as such I changed their password. The account was not disabled for our own reasons (intentional). However, the password change did not invalidate previous cookies. As such the person was able to access their email. Fortunately they didn't do anything malicious, they just sent out a farewell email.
I've set the parameter to log users out when they close a tab, but this still is concerning.
Anyways, just a PSA on this one. Stay safe!