So I'm not sure if this is a known bug, or what.
Our Zimbra OSE is set up to auth against our Active Directory domain. I've kept the default parameters for cookies as it seemed to be a good idea. Turns out, it was not working how I thought.
A person left the company recently, and as such I changed their password. The account was not disabled for our own reasons (intentional). However, the password change did not invalidate previous cookies. As such, the person was able to access their email. Fortunately they didn't do anything malicious; they just sent out a farewell email.
I've set the parameter to log users out when they close a tab, but this still is concerning.
Anyways, just a PSA on this one. Stay safe!