[Bug 398733] Re: Dovecot Plain auth broken in 1.1.1, fixed in 1.2.1
Dan Riley
bearsaxman at yahoo.com
Fri Aug 14 18:41:30 BST 2009
I believe this problem also exists in Hardy. Following is a log message
that illustrates the issue:
Aug 14 12:34:57 ubuntumailsvr dovecot: auth(default): sql(***USERNAME
OMITTED***,127.0.0.1): CRYPT(trader) !=
'$1$crGRJM.l$WFcCPMqyDT1AB9gkkdnyN/
Using a PHP function, I can feed the password and hash in against the
CRYPT() function for a successful match.
--
Dovecot Plain auth broken in 1.1.1, fixed in 1.2.1
https://bugs.launchpad.net/bugs/398733
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in ubuntu.
More information about the Ubuntu-server-bugs
mailing list