Nix67 wrote:Hello Hsingh,
Thanks for your reply. Im going to give it a try in a lab version of the Zimbra I had the issue with and will report to let you know if it worked.
I dont know exactly when I will do so but hopefully, still this Week.
Also, can you perhaps explain me what is attribute is for?
Once we enable zimbraCsrfTokenCheckEnabled then mailboxd will check CSRF tokens for the accounts.
It's a security feature which prevents hijacking of cookies by an attacker.
You can check the details of CSRF related vulnerabilities over here - "CWE-352" - https://cwe.mitre.org/data/definitions/352.html