Hi all!
This is my first post. I'm using roundcube 0.1.1 on a debian sarge server:
- apache 1.3.33-6sarge3
- php4 4.3.10-22
I have this strange behaviour: I can login using a wrong password if the wrong password begins with the right password.
example: right password: pippo
entering pippoxx I can login.
why?
Thanks in advance,
Fabio
Same problem here.
OS: Debian etch
ii libsasl2 2.1.22.dfsg1-8 Authentication abstraction library
ii libsasl2-2 2.1.22.dfsg1-8 Authentication abstraction library
ii apache2 2.2.3-4+etch6
ii php5-imap 5.2.0-8+etch13
I've install about of 6 isp config with roundcube and all have the same problem.
For example if the password is 12345678 and I put 123456789 or 1234567 (yes, with 1 missin carcter) the webmails login ok..
It's a serius bug, with other webmails like talent this problem down not happen
Is there any feedback..
I hope so because I really like this webmail but I habe to use talent for every ispconfig installation.
Thanks!:(
I'm not sure if this is an RC bug or not, there is an old ticket about a similar issue here #1484100 (IMAP login accepted even if the password is not absolutely correct) ? RoundCube Webmail (http://trac.roundcube.net/ticket/1484100). RC does not do any authentication its self, it just sends the credentials to the mail server and checks the response.