PT-2022-21212 · Zimbra · Zimbra Collaboration Open Source

Robert-Scheck · Published 2022-07-11 · Updated 2024-08-03 · CVE-2022-32294

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zimbra Collaboration Open Source version 8.8.15

Description
Zimbra Collaboration Open Source 8.8.15 does not protect the randomly generated initial-login password that the zmprove ca command creates: the password is sent through syslog and is visible in cleartext on UDP port 514, the syslog port. Syslog over UDP carries no encryption or authentication, so anyone able to observe traffic between the Zimbra host and its syslog collector can read the password. A third party has reported that the issue cannot be reproduced.

Recommendations
For Zimbra Collaboration Open Source 8.8.15, reduce exposure until a fix is available: restrict access to the syslog port (UDP 514), and keep in mind that a port filter on the collector does not protect packets already on the wire, so keep syslog traffic on a trusted network segment, log locally only, or forward over TLS rather than plain UDP. Treat any initial password produced by zmprove ca as potentially exposed and have it changed at first login. As a temporary workaround, avoid using the zmprove ca command until the issue is resolved. At the time of writing, no newer version containing a fix for this vulnerability is known.
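The following is an added practitioner check, not part of this advisory and not Zimbra's own tooling. It audits an rsyslog configuration for the forwarding rules that would put a logged password on the wire in cleartext, since the password only becomes visible "on UDP 514" when a rule forwards the local log off-host over plain UDP (or TCP without TLS). It assumes the Zimbra host forwards its logs with rsyslog, which is the usual setup when zmsyslogsetup has been run; the configuration text, hostnames and the /var/log/zimbra.log rule in the sample are constructed placeholders, not a real Zimbra configuration file.

```python
"""Audit rsyslog forwarding rules for cleartext remote syslog.

Added example, not part of the advisory and not Zimbra's own tooling.
Assumption: the Zimbra host forwards its logs with rsyslog (the case when
zmsyslogsetup has configured it). A password that lands in the local log
becomes visible "on UDP 514" only when a rule forwards it off-host over
plain UDP (or TCP without TLS), so the cleartext rules are what to find.
"""
import re

# Legacy rsyslog selector syntax: "<selector> @host[:port]" forwards over UDP,
# "@@host[:port]" over TCP; an optional "(o)"-style option group may follow
# the at-sign; the port defaults to 514 when absent.
_LEGACY_FWD = re.compile(
    r"^\s*(?P<selector>[^\s#]+)\s+(?P<at>@@?)(?:\([^)]*\))?"
    r"(?P<host>[^\s:()]+)(?::(?P<port>\d+))?\s*$"
)
# RainerScript form, single line only: action(type="omfwd" target="..." ...)
_OMFWD = re.compile(r'action\s*\(\s*type\s*=\s*"omfwd"(?P<args>[^)]*)\)', re.IGNORECASE)
_KV = re.compile(r'([\w.]+)\s*=\s*"([^"]*)"')
# Legacy global directive: TLS for every subsequent stream (TCP) action.
_TLS_LEGACY = re.compile(r"^\s*\$ActionSendStreamDriverMode\s+1\s*$", re.IGNORECASE)


def audit_rsyslog_forwarding(conf_text):
    """Return one finding per remote forwarding rule, in file order.

    A finding is a dict with keys line, target, port, protocol ("udp"/"tcp"),
    cleartext (bool) and rule (the rule text). TCP is counted as encrypted only
    when $ActionSendStreamDriverMode 1 precedes the rule, or the omfwd action
    itself sets StreamDriverMode="1" / streamdriver.mode="1". UDP syslog has
    no TLS option at all, so every UDP rule is cleartext.
    """
    findings = []
    tls_default = False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        if _TLS_LEGACY.match(line):
            tls_default = True
            continue
        m = _LEGACY_FWD.match(line)
        if m:
            protocol = "udp" if m.group("at") == "@" else "tcp"
            port = int(m.group("port") or 514)
            encrypted = protocol == "tcp" and tls_default
            findings.append(_finding(lineno, m.group("host"), port, protocol, encrypted, line))
            continue
        m = _OMFWD.search(line)
        if m:
            kv = {k.lower(): v for k, v in _KV.findall(m.group("args"))}
            protocol = kv.get("protocol", "udp").lower()   # omfwd defaults to UDP
            port = int(kv.get("port", "514"))
            tls_here = kv.get("streamdrivermode") == "1" or kv.get("streamdriver.mode") == "1"
            encrypted = protocol == "tcp" and (tls_here or tls_default)
            findings.append(_finding(lineno, kv.get("target", "?"), port, protocol, encrypted, line))
    return findings


def _finding(lineno, target, port, protocol, encrypted, rule):
    return {"line": lineno, "target": target, "port": port, "protocol": protocol,
            "cleartext": not encrypted, "rule": rule.strip()}


def cleartext_targets(conf_text):
    """Shortcut: (target, port, protocol) for every rule that puts log text on the wire unprotected."""
    return [(f["target"], f["port"], f["protocol"])
            for f in audit_rsyslog_forwarding(conf_text) if f["cleartext"]]


# Constructed sample: a local log rule plus four forwarding rules. Not a real
# Zimbra configuration file; the hosts are placeholders.
SAMPLE_RSYSLOG_CONF = """\
local0.*    -/var/log/zimbra.log
local0.*    @10.0.0.5                        # UDP 514, cleartext
auth.*      @@10.0.0.6:6514                  # TCP, but no TLS directive yet
$ActionSendStreamDriverMode 1
*.*         @@logs.example.internal:6514     # TCP with TLS from here on
action(type="omfwd" target="10.0.0.7" port="514" protocol="udp")
"""

if __name__ == "__main__":
    for f in audit_rsyslog_forwarding(SAMPLE_RSYSLOG_CONF):
        flag = "CLEARTEXT" if f["cleartext"] else "tls"
        print(f"line {f['line']:>2}: {f['protocol']}://{f['target']}:{f['port']}  {flag}  ({f['rule']})")
```

Run it against the host's rsyslog.conf and rsyslog.d fragments; every CLEARTEXT line is a path on which a password logged by the affected command can be captured. The directive handling is order-sensitive on purpose, because legacy rsyslog directives apply only to the actions that follow them; multi-line RainerScript actions are not parsed and would need to be checked by hand.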

Exploit

Weakness Enumeration
Incorrect Authorization

Related Identifiers
CVE-2022-32294

Affected Products
Zimbra Collaboration Open Source