Hello Florian,Nix67 wrote:Hello Hsingh,
Thanks for your reply. Im going to give it a try in a lab version of the Zimbra I had the issue with and will report to let you know if it worked.
I dont know exactly when I will do so but hopefully, still this Week.
Also, can you perhaps explain me what is attribute is for?
Thanks
Florian
Once we enable zimbraCsrfTokenCheckEnabled then mailboxd will check CSRF tokens for the accounts.
It's a security feature which prevents hijacking of cookies by an attacker.
You can check the details of CSRF related vulnerabilities over here - "CWE-352" - https://cwe.mitre.org/data/definitions/352.html
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Thanks,
Heera