
Thread: security issue on 8.0.7

  1. #1
    ramondez (Starter Member, Join Date: May 2014)

    Hi all,
    I have a security issue on Zimbra Community Edition, recently upgraded to version 8.0.7 from 8.0.6.
    User authentication is against LDAP (MS Active Directory).
    The security log records some failed authentication attempts.
    However, if the user is not a member of the admin group (Zimbra global administrator), the authentication attempt fails, but if the same user is a member of the admin group, authentication is successful regardless of the password.
    Any advice?
    Regards

    ............
    May 7 05:53:01 mailsrv postfix/smtpd[23479]: connect from unknown[27.149.79.206]
    May 7 05:53:03 mailsrv saslauthd[17855]: zmauth: authenticating against elected url 'https://x.x.x.x:7071/service/admin/soap/' ...
    May 7 05:53:04 mailsrv saslauthd[17855]: zmpost: url='https://x.x.x.x:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"/></soap:Header><soap:Body><soap:Fault><soap:Code><soap:Value>soap:Sender</soap:Value></soap:Code><soap:Reason><soap:Text>authentication failed for [test_user]</soap:Text></soap:Reason><soap:Detail><Error xmlns="urn:zimbra"><Code>account.AUTH_FAILED</Code><Trace>qtp1003181509-21064:https://x.x.x.x:7071/service/admin/soap/:1399434784045:ffd5e4007df762ee</Trace></Error></soap:Detail></soap:Fault></soap:Body></soap:Envelope>', hti->error=''
    May 7 05:53:04 mailsrv saslauthd[17855]: auth_zimbra: test_user auth failed: authentication failed for [test_user]
    May 7 05:53:04 mailsrv saslauthd[17855]: do_auth : auth failure: [user=test_user] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]
    May 7 05:53:04 mailsrv postfix/smtpd[23479]: lost connection after AUTH from unknown[27.149.79.206]
    May 7 05:53:04 mailsrv postfix/smtpd[23479]: disconnect from unknown[27.149.79.206]

    ..................
    May 7 10:25:19 mailsrv saslauthd[17854]: zmauth: authenticating against elected url 'https://x.x.x.x:7071/service/admin/soap/' ...
    May 7 10:25:19 mailsrv saslauthd[17854]: zmpost: url='https://x.x.x.x:7071/service/admin/soap/' returned buffer->data='<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"><soap:Header><context xmlns="urn:zimbra"><change token="64684"/></context></soap:Header><soap:Body><AuthResponse xmlns="urn:zimbraAccount"><authToken>0_dcee11eb6cf26d17ff57f13326ca096ee9791acc_69643d33363a61356233633134622d353236352d343161342d383133312d3930366466626164376231613b6578703d31333a313339393632333931393333313b747970653d363a7a696d6272613b</authToken><lifetime>172800000</lifetime><skin>serenity</skin></AuthResponse></soap:Body></soap:Envelope>', hti->error=''
    May 7 10:25:19 mailsrv saslauthd[17854]: auth_zimbra: test_user auth OK
    May 7 10:25:19 mailsrv postfix/smtpd[6020]: NOQUEUE: filter: RCPT from unknown[124.173.122.75]: <test_user@mydomain.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<test_user@mydomain.com> to=<zzzzzz@yahoo.com.tw> proto=ESMTP helo=<jkjkjkjkj>
    May 7 10:25:19 mailsrv postfix/smtpd[6020]: C567A1383B43: client=unknown[124.173.122.75], sasl_method=LOGIN, sasl_username=test_user

  2. #2
    ramondez

    Ok, solved!!
    The problem is in the fallback authentication mechanism.
    Even though it is globally disabled, it cannot be disabled for the admin group.
    In this case, changing the password only on the LDAP system for test_user has no effect if someone knows the fallback password!!
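
Added example, not part of the thread or of Zimbra: a small Python check that reads mail log lines in the format quoted above and reports admin accounts that completed SMTP AUTH, since those are the accounts for which the fallback password still works. The admin account set passed in and the `alice` / `mail.example.net` lines in the sample log are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, following the format of the log lines quoted in the thread.
SAMPLE_LOG = """\
May 7 05:53:01 mailsrv postfix/smtpd[23479]: connect from unknown[27.149.79.206]
May 7 05:53:04 mailsrv saslauthd[17855]: auth_zimbra: test_user auth failed: authentication failed for [test_user]
May 7 05:53:04 mailsrv postfix/smtpd[23479]: lost connection after AUTH from unknown[27.149.79.206]
May 7 10:25:19 mailsrv saslauthd[17854]: auth_zimbra: test_user auth OK
May 7 10:25:19 mailsrv postfix/smtpd[6020]: C567A1383B43: client=unknown[124.173.122.75], sasl_method=LOGIN, sasl_username=test_user
May 7 11:02:40 mailsrv saslauthd[17854]: auth_zimbra: alice auth OK
May 7 11:02:40 mailsrv postfix/smtpd[6100]: 1A2B3C4D5E6F: client=mail.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=alice
"""

# saslauthd result line: "auth_zimbra: <user> auth OK" or "... auth failed: ..."
AUTH_RE = re.compile(r"saslauthd\[\d+\]: auth_zimbra: (\S+) auth (OK|failed)")
# postfix line that ties an authenticated user to the client host and IP
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: client=(\S+)\[([^\]]+)\], sasl_method=\w+, sasl_username=(\S+)")

def summarize(log_text):
    """Per user: count of failed/OK auths and the set of (host, ip) clients."""
    stats = defaultdict(lambda: {"failed": 0, "ok": 0, "clients": set()})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            stats[m.group(1)]["ok" if m.group(2) == "OK" else "failed"] += 1
            continue
        m = CLIENT_RE.search(line)
        if m:
            host, ip, user = m.groups()
            stats[user]["clients"].add((host, ip))
    return stats

def flag_admin_logins(log_text, admin_accounts):
    """Findings for admin accounts (assumed list) with a successful SMTP AUTH."""
    findings = []
    for user, s in sorted(summarize(log_text).items()):
        if user in admin_accounts and s["ok"]:
            # Clients without reverse DNS are logged by postfix as "unknown".
            no_rdns = sorted(ip for host, ip in s["clients"] if host == "unknown")
            findings.append({"user": user, "ok": s["ok"], "failed": s["failed"],
                             "no_rdns_clients": no_rdns})
    return findings

if __name__ == "__main__":
    for finding in flag_admin_logins(SAMPLE_LOG, {"test_user"}):
        print(finding)
```
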