Forgot your password?
typodupeerror
Security

+ - Yahoo! Zimbra Desktop vulnerable to MiTM

Submitted by
holdenkarau
holdenkarau writes "After patching the its plaintext authentication gaffe, Yahoo! Zimbra desktop has hit another stumbling block in the security road. Yahoo! Zimbra now uses the standard authentication method used by the rest of the Yahoo! Mail family. However, unlike other implementations where invalid SSL certificates will throw up plenty of warnings for the user, Yahoo! Zimbra Desktop is trivially vulnerable to a man-in-the-middle attack, as it simply transmits the usernames & passwords regardless of who's picked up on the other side. With all of the news about DNS vulnerabilities, this seems like exceptionally poor timing for a MiTM. For the time being you may wish to switch to using the Yahoo! webmail interface, until this bug gets fixed."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Yahoo! Zimbra Desktop vulnerable to MiTM

Comments Filter:

Money will say more in one moment than the most eloquent lover can in years.

Working...