The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

email account password bug?

Discussion in 'E-mail Discussions' started by sivadc, Nov 5, 2004.

  1. sivadc

    sivadc Active Member

    Joined:
    Dec 10, 2003
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    While creating email accounts for clients I noticed something peculiar. I was testing the temporary passwords I set for one of the accounts to make sure it worked when I accidentally entered one too many characters. Even though the password was incorrect, I was still allowed to log into the account. I tested this out on another account and I was again able to log in and check mail. After a little more testing I determined that cpanel (or whatever is checking passwords) was allowing passwords to be off by two characters as long as the first part was correct (i.e. the last two characters of the password do not need to be match or even entered - or there can be up to two extra characters included as well.) This happened when accessing the accounts both through webmail and pop3.

    Has anyone else experienced this or know why it might be happening? I did a search but couldn't find anything on this subject.

    I tested this on a box running CentOS 3.3 w/ cpanel 9.9.8-R5 as well as one running Redhat 9 w/ cpanel 9.9.8-STABLE 6.

    I just wanna apologize in advance if this is something that has been discussed previously. :eek:
     
  2. sivadc

    sivadc Active Member

    Joined:
    Dec 10, 2003
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    I guess it has already been noticed, but I was able to duplicate it using Outlook, so it's not just webmail.

    Bug #1455
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It was fixed shortly after the version you have installed, by the looks of the Changelog:

    9.9.8 (build 29) Wed Oct 27 08:22:16 2004
    use md5passwords for newly created pop accounts
     
  4. sivadc

    sivadc Active Member

    Joined:
    Dec 10, 2003
    Messages:
    30
    Likes Received:
    0
    Trophy Points:
    6
    Great! Thanks for the information. Do you happen to know if it is addressed in the upcoming RELEASE build? I'm still somewhat unsure as to where I would find that kind of information.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    It's a mystery to all of where to find out the information on new builds ;) The changelog is usually your only source:
    http://layer1.cpanel.net/ChangeLog.cgi?output=html

    Since everything is released sequentially for a given platform, then that fox will appear in the next RELEASE.
     
Loading...

Share This Page