Sunday, September 8, 2024
HomeCVE/vulnerabilityHackers Exploiting High-Severity Zimbra Flaw to Steal Email Account Credentials

Hackers Exploiting High-Severity Zimbra Flaw to Steal Email Account Credentials

Published on

Zimbra CVE-2022-27824 has been added to the CISA’s “Known Exploited Vulnerabilities” catalog as a new vulnerability. Hackers are actively exploiting it in attack activities, which indicates it is active in the hacking community.

Unauthenticated threat actors are able to steal email account credentials in clear-text by exploiting this high-severity vulnerability. Using Zimbra Collaboration, a threat actor steals credentials without asking the user for their permission.

https://www.youtube.com/watch?v=GIgHZrPrGug

Impact

During legitimate authentication attempts, a hacker can make use of CRLF injection to poison Memcache and deceive the software into relaying all IMAP traffic to the threat actor instead of forwarding it to the legitimate authentication attempt.

- Advertisement - EHA

It was discovered by SonarSource researchers on March 11, 2022, that the flaw had been exploited. An update that addressed these issues was released by the software vendor on May 10, 2022. In the following list, we have mentioned the fixed versions as follows:-

  • ZCS 9.0.0 Patch 24.1
  • ZCS 8.8.15 Patch 31.1

Based on CISA’s latest catalog addition, it has become evident that not all administrators have updated their security software with the latest updates. It has been nearly three months since all these updates became available to the public.

Exploit Capabilities

It is now possible for hackers to identify and attack vulnerable instances; all credit goes to the opportunity provided by this. As a result of stealing the credentials from a Zimbra account, they are able to do the following things:-

  • Access the email server
  • Making spear-phishing easier by removing the barriers to entry
  • Social engineering
  • BEC (Business Email Compromise) attacks

Zimbra Collaboration is used by a variety of organizations, including the following:- 

  • The number of businesses in the network exceeds 200,000.
  • The number of state entities exceeds 1,000.
  • In 140 countries, they support critical organizations.

In spite of all the recommendations made by CISA, all Federal agencies in the U.S. need to apply the security updates available to them as soon as possible until August 25, 2022, since it’s the final deadline.

Moreover, apart from the Federal agencies, CISA has also recommended all non-federal agencies and organizations to immediately apply the security updates to avoid any exploitation.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

NoiseAttack is a Novel Backdoor That Uses Power Spectral Density For Evasion

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

SonicWall Access Control Vulnerability Exploited in the Wild

SonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management...

Apache OFBiz for Linux & Windows Vulnerability Allows Unauthenticated Remote Code Execution

A series of vulnerabilities affecting Apache OFBiz has come to light, raising significant cybersecurity...

Veeam Backup & Replication Vulnerabilities Let Attackers Execute Remote Code

Multiple critical vulnerabilities have been identified in Veeam Backup & Replication, a widely-used data...