Yahoo's Zimbra flaw reveals users' passwords

By Justin Mann on
Yahoo is suffering today from both a security breach and some serious embarrassment after it was discovered that their Zimbra e-mail client was exposing sensitive data. The flaw was discovered during a recent Yahoo University hack day where a Canadian programmer noticed that passwords of Yahoo's email accounts were being sent in plain text format through the Zimbra client due to a Yahoo IMAP server not supporting SSL encryption.

Reportedly, Yahoo was notified of the problem, but the company didn't give any feedback as to whether or not they were addressing the problem. Zimbra, however, has said that they have already fixed the issue upstream, and the next release of the client will come with a fix built-in. The recommendation for Zimbra/Yahoo account holders is to change their passwords immediately and stop using Zimbra until the next release is available.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.