Jump to content
Froxlor Forum
  • 0

Weird Problem with Courier


fabians

Question

Hey guys!

I got an interesting security bug...

If I login to the courier via pop3 or IMAP, I can use not only my password, but also similar ones to login.

Example: If my password was "password", I can login with the password "password", "password1", "password23445" etc., but not with "123password".

Also, if my password was "password12345", I can login with "password", "password1234" and also "password987654321".

Courier seems to not care about passwords that have numbers in the end.

Is that supposed to be that way?

Postfix SMTP-Auth works great, it only accepts the actual password...

Link to comment
Share on other sites

1 answer to this question

Recommended Posts

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...