Hi Everyone:

I am using cyrus-sasl on postfix and courier-imap now, but I need to change to another authentication method. This is because cyrus-sasl has a security bug, which does not seem likely to be corrected in the near future.

If the right username is "m...@example.com" and the password is "helloworld", I try the following, with a surprising result:

    sxxxb:~ # testsaslauthd -u m...@example.com -p helloworld
    0: OK "Success."
    sxxxb:~ # testsaslauthd -u m...@example.com -p helloworld1
    0: OK "Success."
    sxxxb:~ # testsaslauthd -u m...@example.com -p helloworld111111
    0: OK "Success."

YES, saslauth is granting access with a bad password. More detail in bugzilla:

https://bugzilla.cyrusimap.org/show_bug.cgi?id=3897

After I was attacked with a dictionary attack, I think it is better to switch to another authentication method. So the right question is: is there another method that allows the basics:

Postfix
sasl
courier-imap

Best Regards

Christian

--
In a world without frontiers, who needs Gates and Windows?
http://www.schdev.com.ar
http://gnc2.schdev.com.ar
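
A check an administrator can run against a test account to see whether their own saslauthd shows the behaviour reported above. This is an added example, not part of the original post; the function names, the `AUTH_CMD` variable and the truncated-password probes are assumptions, and success is detected from the `: OK` output format shown in the post.

```shell
#!/bin/sh
# Regression check: does the verifier accept anything other than the exact
# password? AUTH_CMD (assumed name) is the program to call; it must take
# "-u USER -p PASS" and print a line containing ": OK" on success, which is
# the testsaslauthd output shown in the post. Use a throwaway test account,
# because -p exposes the password in the process list.
AUTH_CMD=${AUTH_CMD:-testsaslauthd}

# accepts USER PASS -> status 0 if the verifier reports success
accepts() {
    "$AUTH_CMD" -u "$1" -p "$2" 2>/dev/null | grep -q ': OK'
}

# check_password_strictness USER PASS
# Returns 0 if only the exact password is accepted, 1 if any mutated
# password is accepted, 2 if the real password itself is rejected.
check_password_strictness() {
    user=$1
    pass=$2
    if ! accepts "$user" "$pass"; then
        echo "SKIP: the correct password was rejected, nothing to compare"
        return 2
    fi
    bad=0
    # The first two probes are the ones from the post (extra trailing
    # characters). The last three (trailing space, last character removed,
    # last character changed) are added assumptions for wider coverage.
    for candidate in "${pass}1" "${pass}111111" "${pass} " \
                     "${pass%?}" "${pass%?}#"; do
        # Never probe with the real password or an empty string.
        [ -n "$candidate" ] && [ "$candidate" != "$pass" ] || continue
        if accepts "$user" "$candidate"; then
            echo "FAIL: accepted a wrong password of length ${#candidate}"
            bad=1
        else
            echo "ok:   rejected a wrong password of length ${#candidate}"
        fi
    done
    return "$bad"
}

# Run only when called as: script USER PASS
if [ "$#" -eq 2 ]; then
    check_password_strictness "$1" "$2"
    exit $?
fi
```

An exit status of 1 means at least one wrong password was accepted, so the script can be rerun after changing the authentication backend to confirm the behaviour is gone.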