The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

POP3 account passwords

Discussion in 'General Discussion' started by SHSaeed, Sep 17, 2002.

  1. SHSaeed

    SHSaeed Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    245
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    We've noticed that the POP3 account passwords are compared to the begining of the entered password. For example, if your POP3 account password is &12345& and you type &1234567890& it will still let you login. You can login as long as your password is in the begining of the entered password.
     
  2. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    I found this out months ago ..but concluded that it really didn't matter.
     
  3. SHSaeed

    SHSaeed Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    245
    Likes Received:
    0
    Trophy Points:
    16
    It might not be the most serious security bug, but it is still a bug that should be fixed. I'll submit it to bugzilla tomorrow if it's not already there by then.
     
  4. Brad

    Brad Well-Known Member

    Joined:
    Aug 16, 2001
    Messages:
    231
    Likes Received:
    0
    Trophy Points:
    16
    Its like that because of the password length limit, it's always been like that. It lets you enter in longer passwords then allowed without an error, works for some people. Not really a security problem in my opinion.
     
  5. SHSaeed

    SHSaeed Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    245
    Likes Received:
    0
    Trophy Points:
    16
    I don't get it, if your password is &qwerty&, why would you want to login with &qwerty123& ? That is the wrong password and the fact that you can still login with the wrong password is a security hole in my opinion.
     
  6. SoftmegUK

    SoftmegUK Well-Known Member

    Joined:
    Feb 13, 2002
    Messages:
    372
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK
    Well theres also of the bug of say you have the password &jilly1234& you can login with &jilly12&, &jilly123& or &jilly1234&. I think this is a bigger bug as it would then be easier to get in.
    Eddy
     
Loading...

Share This Page