On Tuesday, September 9, 2003, at 08:40 PM, Mike Miller wrote:
Looking just below, the SPAMmer who made use of this, used the same username and password. I then tried the base64 password for their 'webmaster00' password and that [d2VibWFzdGVyMDA=] works as well. I then tried truncating their password character by character. What I found was that only when I brought the password to 'webmast' (webmaste still worked), did it stop authenticating properly.

What version of vpopmail?

Are you using MD5 passwords (go to your vpopmail source directory and `grep MD5 config.h`)? If not, I think crypt() only uses the first 8 characters of the password. I'm not sure what the limit is if you're using MD5.

Tom Collins
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/

Reply via email to