Zimbra Desktop Cookies File / Security Issue

General discussion about Zimbra Desktop.
a108
Posts: 1
Joined: Wed Mar 13, 2019 8:02 pm

Zimbra Desktop Cookies File / Security Issue

Postby a108 » Wed Mar 13, 2019 8:29 pm

Hi guys,
I found that when certain files are copied and pasted on another PC you can
bypass authentication and basically start using the email...So my question is on what time the Session ID from the
Cookies file expire ? Is it someting configurable from the server ?

Tested on Windows 10 and Zimbra Desktop 7.3.1


User avatar
DualBoot
Elite member
Elite member
Posts: 1088
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: Zimbra Desktop Cookies File / Security Issue

Postby DualBoot » Thu May 09, 2019 9:54 pm

Hello,

expiration time is set on the server side. You should ask the administrator to know how many time it last.

Regards,
jholder
Zimbra Employee
Zimbra Employee
Posts: 4686
Joined: Fri Sep 12, 2014 10:00 pm

Re: Zimbra Desktop Cookies File / Security Issue

Postby jholder » Thu May 30, 2019 4:18 am

Zimbra Desktop hasn't been updated in many years and is discontinued.

I would argue, however, this specifically wouldn't fall under a security issue. Zimbra Desktop is self contained and isn't made to be portable. If you're copying files from within that directory to another machine, I'm a little unsure what you would want to happen.

If I log into gmail using Chrome, then I copy my chrome profile to another machine, I am copying the data that authorizes me. Gmail will let me in. So don't copy the data or set session times to be small so they expire.

Return to “General Questions”

Who is online

Users browsing this forum: No registered users and 3 guests