mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-10T01:00:00Z

Updated: 2024-09-17T04:04:39.676Z

Reserved: 2018-05-09T00:00:00Z

Link: CVE-2018-10949

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-05-10T01:29:05.657

Modified: 2024-11-21T03:42:22.550

Link: CVE-2018-10949

cve-icon Redhat

No data.