Serious problems with Web Based Email
A few hours of testing and documenting, showed &khoonchee & bert& are probably correct -- plus a few other things as well.
Even more important, except for the Account owner, nobody should be using Web Mail except from their own computer -- which defeats the purpose actually. See below for more.
The following is my results using:
Cpanel Version/Build 5.3.0-RELEASE Build 6
Win98SE, Mozilla 1.2a and IE 5.01 SP2
--------------------------------------------------
Creating a new/different User Email account for a Parked Domain, will not grant access for Horde; NeoMail is fine. Access is granted though, using the Main or Parked Domain and Account Owner ID & PW; using port: 2082 in the URL.
When setting up an Email account in the Control Panel, there is no mention of how many characters are required for the PW and a PW of one charactor is valid. This seems to be a problem throughout Cpanel for most/all features that require a PW.
When changing password [ http://domain.com:2095/webmailpasswd.cgi ], JS popup states min. 5 characters for new password. Once password shows as successfully changed, there is a link &Return& which does not appear to work. Probably because, it uses &https& instead of &http&.
[b:e0c2bb9b2e]Security Alert[/b:e0c2bb9b2e]
After using the &Log out& from NeoMail or Horde and using [ http://domain.com/webmail/ ], the Browser(s) went to [ http://domain.com:2095/ ] and did not require ID & PW to &Log in& again -- ID and PW were saved in Browser History for both scripts.
This is only a problem using http://domain.com/webmail/ (which is port: 2095) and should be mentioned to all Clients.
Using port: 2082 does require Apache Authentication (ID & PW) and is not saved by the Browser.
This is a serious Security breach for Users other than account owner! If someone is accessing their Web Mail from a public location (or different system than their own) the Web Mail URL is retained in Browser History -- along with Username and PW.