The following issue has been SUBMITTED. ====================================================================== http://www.dbmail.org/mantis/view.php?id=545 ====================================================================== Reported By: maenaka Assigned To: ====================================================================== Project: DBMail Issue ID: 545 Category: IMAP daemon Reproducibility: always Severity: block Priority: normal Status: new target: ====================================================================== Date Submitted: 20-Mar-07 02:08 CET Last Modified: 20-Mar-07 02:08 CET ====================================================================== Summary: Security hole Description: In dbmail_imap_session_handle_auth() in dbmail-imapsession.c, when auth_validate() returns -1, TRACE(TRACE_ERROR, "db-validate ...") is called with the unescaped raw IMAP password along with the IMAP username. ======================================================================
Issue History Date Modified Username Field Change ====================================================================== 20-Mar-07 02:08 maenaka New Issue 20-Mar-07 02:08 maenaka File Added: patch-dbmail-imapsession.c ====================================================================== _______________________________________________ Dbmail-dev mailing list Dbmail-dev@dbmail.org http://twister.fastxs.net/mailman/listinfo/dbmail-dev