In vpopmail-5.5.0 there seems to be a bug in vpopmail.c where the
password strength is checked even if a password isn't used (such as when
-e is used to add the encrypted password). Patch attached.
!DSPAM:55f7df0641553245911066!
diff -uPr vpopmail-5.5.0.orig/vpopmail.c vpopmail-5.5.0/vpopmail.c
--- vpopmail-5.5.0.orig/vpopmail.c 2015-09-08 11:33:44.818094999 +0100
+++ vpopmail-5.5.0/vpopmail.c 2015-09-08 11:39:56.791096019 +0100
@@ -686,13 +686,11 @@
if ( vauth_getpw( username, domain ) != NULL ) return(VA_USERNAME_EXISTS);
- /*
- Check password strength
- */
-
- ret = pw_strength(password);
- if (ret != 1)
- return ret;
+ /* Check password strength */
+ if ( password[0] != '\0' ) {
+ ret = pw_strength(password);
+ if (ret != 1) return ret;
+ }
/* record the dir where the vadduser command was run from */
getcwd(calling_dir, sizeof(calling_dir));