Yahoo’s Zimbra e-mail program exposes passwords

by admin in July 29th, 2010

Holden Karau stumbled upon this problem while participating in the Yahoo University Hack Day at the University of Waterloo last week.

He notified Yahoo about the problem during his presentation, but no one seemed concerned, he wrote in a post on Zimbra Forums.

“What does this mean for you? If you use Zimbra to access your Yahoo mail, you almost certainly need to change your password and stop using Zimbra immediately (especially if you’ve ever done so over wireless),” he writes.

Not surprisingly, his hack didn’t place in the competition. “In retrospect it probably wasn’t the best forum to bring up the security defects, but it was the most convenient,” Karau says.

A Zimbra representative wrote in a different post in that forum thread: “This problem has already been addressed in code, and fix is in the next release.”

Passwords used to access Yahoo mail through the Zimbra client are sent over the Internet in clear text, a Canadian programmer says.

A Yahoo spokeswoman said she would check into the matter.

“The Yahoo imap server’s used by the Yahoo Desktop don’t support SSL and the password was being transmitted in plain text,” Karau wrote in a blog post on Friday.

Topics: Uncategorized

Warning: include(D:\home\wp\niven1\puburl.com/wp-content/themes/default/social.php) [function.include]: failed to open stream: No such file or directory in D:\home\wp\niven1\puburl.com\wp-content\themes\default\functions.php on line 152

Warning: include() [function.include]: Failed opening 'D:\home\wp\niven1\puburl.com/wp-content/themes/default/social.php' for inclusion (include_path='.;C:\php5\pear') in D:\home\wp\niven1\puburl.com\wp-content\themes\default\functions.php on line 152

puburl.com

Yahoo’s Zimbra e-mail program exposes passwords

No User Responded In This Post

Leave A Reply

Search

Categories

Latest Comments

Monthly Archives

Daily Archives

Friends

Meta