login with wrong password

[mafa77]

Hi all!
This is my first post. I'm using roundcube 0.1.1 on a debian sarge server:
- apache 1.3.33-6sarge3
- php4 4.3.10-22

I have this strange behaviour: I can login using a wrong password if the wrong password begins with the right password.

example: right password: pippo
entering pippoxx I can login.

why?

Thanks in advance,
Fabio

[sk8federico]

Same problem here.

OS: Debian etch
ii  libsasl2                  2.1.22.dfsg1-8                       Authentication abstraction library
ii  libsasl2-2                2.1.22.dfsg1-8                       Authentication abstraction library
ii  apache2                   2.2.3-4+etch6
ii  php5-imap                 5.2.0-8+etch13

I've install about of 6 isp config with roundcube and all have the same problem.
For example if the password is 12345678 and I put 123456789 or 1234567 (yes, with 1 missin carcter) the webmails login ok..
It's a serius bug, with other webmails like talent this problem down not happen
Is there any feedback..
I hope so because I really like this webmail but I habe to use talent for every ispconfig installation.
Thanks!:(

[JohnDoh]

I'm not sure if this is an RC bug or not, there is an old ticket about a similar issue here #1484100 (IMAP login accepted even if the password is not absolutely correct) ? RoundCube Webmail. RC does not do any authentication its self, it just sends the credentials to the mail server and checks the response.