I noticed that if your password is longer than 8 characters in length, roundcube ignores the full password and allows you to log in by entering an incomplete password.
An example...
Lets say I have the following email addres:
[email protected] and the password for this account is: 12345678987654321
I can login by entering
[email protected] in the username field and 12345678 in the password field. The rest of the password is either ignored or not required at all?
This is present on 0.9.0 and 1.2.0