2 matches found
CVE-2018-10949
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors...
CVE-2018-10949
CVE-2018-10949 affects mailboxd in Zimbra Collaboration Suite (ZCS) prior to 8.8.8, 8.7 prior to 8.7.11.Patch3, and 8.6 prior to 8.6.0.Patch10. The vulnerability enables account enumeration by exploiting a discrepancy between HTTP 404 (account not active) and HTTP 401 (must authenticate) response...