Nope. Not using MD5 passwords. 5.3.20 at present. -M

From: Tom Collins <[EMAIL PROTECTED]>
To: vpopmail list <[EMAIL PROTECTED]>
Subject: Re: [vchkpw] SMTP-Auth bug in passwords?
Date: Tue, 9 Sep 2003 21:24:31 -0700

On Tuesday, September 9, 2003, at 08:40 PM, Mike Miller wrote:
Looking just below, the SPAMmer who made use of this, used the same username and password. I then tried the base64 password for their 'webmaster00' password and that [d2VibWFzdGVyMDA=] works as well. I then tried truncating their password character by character. What I found was that only when I brought the password to 'webmast' (webmaste still worked), did it stop authenticating properly.

What version of vpopmail?

Are you using MD5 passwords (go to your vpopmail source directory and `grep MD5 config.h`)? If not, I think crypt() only uses the first 8 characters of the password. I'm not sure what the limit is if you're using MD5.

Tom Collins
QmailAdmin:  Vpopmail:
Info on the Sniffter hand-held Network Tester:

Add photos to your messages with MSN 8. Get 2 months FREE*.

Reply via email to