Zimbra Forums

Zimbra Collaboration & Zimbra Desktop Forums
https://forums.zimbra.org/

Zimbra Desktop Cookies File / Security Issue

https://forums.zimbra.org/viewtopic.php?t=65818

Page 1 of 1

Zimbra Desktop Cookies File / Security Issue

Posted: Wed Mar 13, 2019 8:29 pm
by a108
Hi guys,
I found that when certain files are copied and pasted on another PC you can
bypass authentication and basically start using the email...So my question is on what time the Session ID from the
Cookies file expire ? Is it someting configurable from the server ?

Tested on Windows 10 and Zimbra Desktop 7.3.1

Re: Zimbra Desktop Cookies File / Security Issue

Posted: Thu May 09, 2019 9:54 pm
by DualBoot
Hello,

expiration time is set on the server side. You should ask the administrator to know how many time it last.

Regards,

Re: Zimbra Desktop Cookies File / Security Issue

Posted: Thu May 30, 2019 4:18 am
by jholder
Zimbra Desktop hasn't been updated in many years and is discontinued.

I would argue, however, this specifically wouldn't fall under a security issue. Zimbra Desktop is self contained and isn't made to be portable. If you're copying files from within that directory to another machine, I'm a little unsure what you would want to happen.

If I log into gmail using Chrome, then I copy my chrome profile to another machine, I am copying the data that authorizes me. Gmail will let me in. So don't copy the data or set session times to be small so they expire.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited