Friday, December 6, 2024
HomeCVE/vulnerabilityHackers Exploiting High-Severity Zimbra Flaw to Steal Email Account Credentials

Hackers Exploiting High-Severity Zimbra Flaw to Steal Email Account Credentials

Published on

SIEM as a Service

Zimbra CVE-2022-27824 has been added to the CISA’s “Known Exploited Vulnerabilities” catalog as a new vulnerability. Hackers are actively exploiting it in attack activities, which indicates it is active in the hacking community.

Unauthenticated threat actors are able to steal email account credentials in clear-text by exploiting this high-severity vulnerability. Using Zimbra Collaboration, a threat actor steals credentials without asking the user for their permission.

https://www.youtube.com/watch?v=GIgHZrPrGug

Impact

During legitimate authentication attempts, a hacker can make use of CRLF injection to poison Memcache and deceive the software into relaying all IMAP traffic to the threat actor instead of forwarding it to the legitimate authentication attempt.

- Advertisement - SIEM as a Service

It was discovered by SonarSource researchers on March 11, 2022, that the flaw had been exploited. An update that addressed these issues was released by the software vendor on May 10, 2022. In the following list, we have mentioned the fixed versions as follows:-

  • ZCS 9.0.0 Patch 24.1
  • ZCS 8.8.15 Patch 31.1

Based on CISA’s latest catalog addition, it has become evident that not all administrators have updated their security software with the latest updates. It has been nearly three months since all these updates became available to the public.

Exploit Capabilities

It is now possible for hackers to identify and attack vulnerable instances; all credit goes to the opportunity provided by this. As a result of stealing the credentials from a Zimbra account, they are able to do the following things:-

  • Access the email server
  • Making spear-phishing easier by removing the barriers to entry
  • Social engineering
  • BEC (Business Email Compromise) attacks

Zimbra Collaboration is used by a variety of organizations, including the following:- 

  • The number of businesses in the network exceeds 200,000.
  • The number of state entities exceeds 1,000.
  • In 140 countries, they support critical organizations.

In spite of all the recommendations made by CISA, all Federal agencies in the U.S. need to apply the security updates available to them as soon as possible until August 25, 2022, since it’s the final deadline.

Moreover, apart from the Federal agencies, CISA has also recommended all non-federal agencies and organizations to immediately apply the security updates to avoid any exploitation.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Top Five Industries Most Frequently Targeted by Phishing Attacks

Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top...

Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware

BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using...

Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication

Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to...

Sophisticated Celestial Stealer Targets Browsers to Steal Login Credentials

Researchers discovered Celestial Stealer, a JavaScript-based MaaS infostealer targeting Windows systems that, evading detection...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Multiple SonicWall Vulnerabilities Let Attackers Execute Remote Code

SonicWall has issued a critical alert regarding multiple vulnerabilities in its Secure Mobile Access...

Django Security Update, Patch for DoS & SQL Injection Vulnerability

 The Django team has issued critical security updates for versions 5.1.4, 5.0.10, and 4.2.17....

Rockwell Automation Warns of Multiple Code Execution Vulnerabilities in Arena

Rockwell Automation has issued a critical security advisory addressing multiple remote code execution (RCE)...