Page 1 of 1

Unable to login to zimbraAdmin

Posted: Tue May 28, 2019 10:23 am
by bwest
Having been affected by CVE-2019-9670 we cleaned the system and applied patch 14:

Code: Select all

Release 8.6.0.GA.1153.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.6.0_P14.

After fixing file- and folderpermissions, running zmfixperms and applying KB22039 we were able to login to the normal Webinterface as user again.
Login to the admin console however does not work. mailbox.log shows:

Code: Select all

 WARN  [qtp509886383-5836:https://XXXX:7071/service/admin/soap/GetInfoRequest] [ip=XXXX;] SoapEngine - no valid authtoken present: cannot dispatch request

Any help appreciated.

Re: Unable to login to zimbraAdmin

Posted: Tue May 28, 2019 4:29 pm
by dachat
I cannot login to the admin console after applied Patch 8.6.0.
Please help me fix this problem.
Tks

Re: Unable to login to zimbraAdmin

Posted: Tue May 28, 2019 4:31 pm
by phoenix
dachat wrote:I cannot login to the admin console after applied Patch 8.6.0.
Please help me fix this problem.
Tks
A quick search of the forums would have given you the answer to this question, go to the wiki and read the article on how to reset the admin password.

Re: Unable to login to zimbraAdmin

Posted: Tue May 28, 2019 4:42 pm
by dachat
I try reset :zmprov sp adminname@domain.com <password>. But The admin console does not working.
Log: WARN [qtp509886383-5836:https://XXXX:7071/service/admin/soap/GetInfoRequest] [ip=XXXX;] SoapEngine - no valid authtoken present: cannot dispatch request
How to fix?

Re: Unable to login to zimbraAdmin

Posted: Tue May 28, 2019 5:18 pm
by phoenix
dachat wrote:How to fix?
How about doing some research first with something like an internet search?

https://www.startpage.com/do/dsearch?query=%2B%22no+valid+authtoken+present%3A+cannot+dispatch+request%22&cat=web&pl=opensearch&language=english

Re: Unable to login to zimbraAdmin

Posted: Wed May 29, 2019 12:46 pm
by bwest
As said in the original question by me we already have:
    * fixed file- and folderpermissions
    * run zmfixperms
    * applied KB22039 (zmprov mcf zimbraCsrfTokenCheckEnabled FALSE)
    * compared md5sums for mailbox/webapps with a freshly installed and patched system
We still cannot login to the admin conole (zimbraAdmin)

By the way, the exploit also created a new administration account on our system so it's probably a good idea for other infected systems to check their admin accounts running "zmprov gaaa".

Any help appreciated

Best
Bernhard