The Hacker News reports that threat actors could exploit a high-severity Zimbra email suite flaw to facilitate the theft of user passwords in cleartext.
The vulnerability, tracked as CVE-2022-27924, was discovered by SonarSource researchers and is characterized as "Memcached poisoning with unauthenticated request."
"With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal highly sensitive information," said SonarSource.
By poisoning the IMAP route cache entries stored on the Memcached server, the flaw enables the delivery of a lookup request that would eventually prompt command execution. However, the report noted that attackers would only be able to fully abuse the vulnerability if they already have access to the email addresses of their victims.
"Typically, an organization uses a pattern for email addresses for their members, such as e.g., {firstname}.{lastname}@example.com. A list of email addresses could be obtained from OSINT sources such as LinkedIn," SonarSource added.
High-severity Zimbra email bug puts login credentials at risk