Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
http://www.securityfocus.com/bid/62407
http://archives.neohapsis.com/archives/bugtraq/2013-09/0063.html