Zimbra Desktop Cookies File / Security Issue

General discussion about Zimbra Desktop.
a108
Posts: 1
Joined: Wed Mar 13, 2019 8:02 pm

Zimbra Desktop Cookies File / Security Issue

Post by a108 »

Hi guys,
I found that when certain files are copied and pasted on another PC you can bypass authentication and basically start using the email... So my question is: at what time does the Session ID from the Cookies file expire? Is it something configurable from the server?

Tested on Windows 10 and Zimbra Desktop 7.3.1
DualBoot
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers

Re: Zimbra Desktop Cookies File / Security Issue

Post by DualBoot »

Hello,

Expiration time is set on the server side. You should ask the administrator to know how long it lasts.

Regards,
jholder
Ambassador
Posts: 4824
Joined: Fri Sep 12, 2014 10:00 pm

Re: Zimbra Desktop Cookies File / Security Issue

Post by jholder »

Zimbra Desktop hasn't been updated in many years and is discontinued.

I would argue, however, this specifically wouldn't fall under a security issue. Zimbra Desktop is self-contained and isn't made to be portable. If you're copying files from within that directory to another machine, I'm a little unsure what you would want to happen.

If I log into Gmail using Chrome, then I copy my Chrome profile to another machine, I am copying the data that authorizes me. Gmail will let me in. So don't copy the data, or set session times to be small so they expire.