Forgot your password?
typodupeerror
Security

+ - Yahoo! Zimbra Desktop vulnerable to MiTM

Submitted by
holdenkarau
holdenkarau writes "After patching the its plaintext authentication gaffe, Yahoo! Zimbra desktop has hit another stumbling block in the security road. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Yahoo! Zimbra Desktop vulnerable to MiTM

Comments Filter:

"The value of marriage is not that adults produce children, but that children produce adults." -- Peter De Vries

Working...