In this blog post, we presented a Memcache Injection vulnerability in Zimbra that exists because newline characters are not escaped in untrusted user input. This code flaw ultimately allows attackers to steal cleartext credentials from users of targeted Zimbra instances. The vulnerability can be exploited by an attacker to steal the login credentials of known users without any user interaction, which can lead to a potential escalation of access within the targeted organization. The attack vector involves exploiting Memcache Injection vulnerabilities in Zimbra's Reverse Proxy and Memcached client, allowing attackers to hijack proxy connections of random users connecting to their IMAP server. Zimbra patched the vulnerability by creating a SHA-256 hash of all Memcache keys before sending them to the Memcached server, rendering the injection attack ineffective. The fixed versions are 8.8.15 with Patch level 31.1 and 9.0.0 with Patch level 24.1. It is recommended that developers be aware of special characters that should be escaped when dealing with technology where less documentation and research about potential vulnerabilities exist.