Account Enumeration Vulnerability in Zimbra Collaboration Suite 8.8 and earlier versions

CVE-2018-10949 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.

Learn more about our Web Application Penetration Testing UK.