Hi,
I'm having a problem where a user's account is being locked because of multiple failed login attempts. What I have done in other systems is to rename the user to something else, and create an alias with the old email address. This way, the attacker trying to brute-force the password by guessing with the email alias will never succeed. The problem with Zimbra is that the system accepts the user password even when the alias is used as the username. Is there a way to disable this behavior? Any other suggestion in mind?
Thank you in advance
Antonio
Protect email account with alias