login with wrong password

**mafa77** · 04-22-2008 02:24 PM

Hi all!
This is my first post. I'm using roundcube 0.1.1 on a debian sarge server:
- apache 1.3.33-6sarge3
- php4 4.3.10-22

I have this strange behaviour: I can login using a wrong password if the wrong password begins with the right password.

example: right password: pippo
entering pippoxx I can login.

why?

Thanks in advance,
Fabio

**sk8federico** · 07-03-2009 11:31 PM

Same problem here.

OS: Debian etch
ii libsasl2 2.1.22.dfsg1-8 Authentication abstraction library
ii libsasl2-2 2.1.22.dfsg1-8 Authentication abstraction library
ii apache2 2.2.3-4+etch6
ii php5-imap 5.2.0-8+etch13

I've install about of 6 isp config with roundcube and all have the same problem.
For example if the password is 12345678 and I put 123456789 or 1234567 (yes, with 1 missin carcter) the webmails login ok..
It's a serius bug, with other webmails like talent this problem down not happen
Is there any feedback..
I hope so because I really like this webmail but I habe to use talent for every ispconfig installation.
Thanks!

**JohnDoh** · 07-05-2009 09:03 AM

I'm not sure if this is an RC bug or not, there is an old ticket about a similar issue here #1484100 (IMAP login accepted even if the password is not absolutely correct) ? RoundCube Webmail. RC does not do any authentication its self, it just sends the credentials to the mail server and checks the response.

Thread: login with wrong password

LinkBack

Thread Tools

Display

login with wrong password

Same problem..

Thread Information

Users Browsing this Thread

Posting Permissions