POP3 account passwords

SHSaeed · Sep 17, 2002

Hi,

We've noticed that the POP3 account passwords are compared to the begining of the entered password. For example, if your POP3 account password is &12345& and you type &1234567890& it will still let you login. You can login as long as your password is in the begining of the entered password.

rpmws · Sep 17, 2002

I found this out months ago ..but concluded that it really didn't matter.

SHSaeed · Sep 17, 2002

It might not be the most serious security bug, but it is still a bug that should be fixed. I'll submit it to bugzilla tomorrow if it's not already there by then.

Brad · Sep 17, 2002

Its like that because of the password length limit, it's always been like that. It lets you enter in longer passwords then allowed without an error, works for some people. Not really a security problem in my opinion.

SHSaeed · Sep 17, 2002

I don't get it, if your password is &qwerty&, why would you want to login with &qwerty123& ? That is the wrong password and the fact that you can still login with the wrong password is a security hole in my opinion.

SoftmegUK · Sep 17, 2002

Well theres also of the bug of say you have the password &jilly1234& you can login with &jilly12&, &jilly123& or &jilly1234&. I think this is a bigger bug as it would then be easier to get in.
Eddy

Thread starter	Similar threads	Forum	Replies	Date
T	How to forward pop3 account to gmail ?	Email	3	Apr 13, 2008
J	Create pop3 email account with php	Email	0	Jun 8, 2007
V	POP3 Problem - Only one account?	Email	0	May 18, 2007
R	how can i empty a pop3 account	Email	7	Feb 1, 2007
S	Creating Pop3 accounts remotely	Email	1	May 6, 2006

Search

Search

POP3 account passwords

SHSaeed

Well-Known Member

rpmws

Well-Known Member

SHSaeed

Well-Known Member

Brad

Well-Known Member

SHSaeed

Well-Known Member

SoftmegUK

Well-Known Member