Authentication Bypass in MailboxImportServlet vulnerability (reminder)
https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/

Password max age from another COS

djones
Posts: 1
Joined: Sun Jun 09, 2019 12:26 am

Password max age from another COS

Postby djones » Tue Dec 14, 2021 2:11 pm

Cenário:

Tenho contas que estão no COS padrão do Zimbra e preciso altera-las para um novo COS com as regras de segurança da empresa. Este novo COS em ativo a regra zimbraPassowrdMaxAge 90 dias. Ao mudar as contas para esse COS contas que tiveram alteração em sua senha a cerca de 1 semana foram forçadas a alterar sua senha novamente apos entrarem no COS.

Duvida:

É possivel contornar isso?
Estou me baseando pela propriedade errada quando leio zimbraPasswordModifiedTime: |20211206| 114216.407Z e penso que o que esta dentro do pipe é YYYYMMDD?
E é ela que faz essa verificação dos 90 dias para a proxima alteração de senha.

P.S o pipe foi colocado so para explicação.

Scenario:

I have accounts that are in Zimbra's default COS and I need to change them to a new COS with company security rules. This new COS activates the zimbraPassowrdMaxAge rule for 90 days. When changing accounts for this COS accounts that had their password changed about 1 week ago were forced to change their password again after logging into the COS.

He doubts:

Is it possible to get around this?
I am basing myself on the wrong property when I read zimbraPasswordModifiedTime: |20211206| 114216.407Z and I think what's inside the pipe is YYYYMMDD?
And she is the one who checks the 90 days for the next password change.

P.S the pipe was placed only for explanation.


Return to “Portuguese”

Who is online

Users browsing this forum: No registered users and 1 guest