POP3 account passwords

**(SH)Saeed** · 09-17-2002 08:48 AM

Hi,

We've noticed that the POP3 account passwords are compared to the begining of the entered password. For example, if your POP3 account password is &12345& and you type &1234567890& it will still let you login. You can login as long as your password is in the begining of the entered password.

**rpmws** · 09-17-2002 09:04 AM

I found this out months ago ..but concluded that it really didn't matter.

**(SH)Saeed** · 09-17-2002 09:10 AM

It might not be the most serious security bug, but it is still a bug that should be fixed. I'll submit it to bugzilla tomorrow if it's not already there by then.

**Brad** · 09-17-2002 10:32 AM

Its like that because of the password length limit, it's always been like that. It lets you enter in longer passwords then allowed without an error, works for some people. Not really a security problem in my opinion.

**(SH)Saeed** · 09-17-2002 03:12 PM

I don't get it, if your password is &qwerty&, why would you want to login with &qwerty123& ? That is the wrong password and the fact that you can still login with the wrong password is a security hole in my opinion.

**SoftmegUK** · 09-17-2002 04:53 PM

Well theres also of the bug of say you have the password &jilly1234& you can login with &jilly12&, &jilly123& or &jilly1234&. I think this is a bigger bug as it would then be easier to get in.
Eddy

LinkBack

Thread Tools

POP3 account passwords

Old account passwords STILL WORK!

Obtaining POP3 passwords (running cppop)

2 different passwords for an account?!

how to get account passwords ?

Account passwords