The following issue has been SUBMITTED.
======================================================================
http://www.dbmail.org/mantis/view.php?id=545
======================================================================
Reported By: maenaka
Assigned To:
======================================================================
Project: DBMail
Issue ID: 545
Category: IMAP daemon
Reproducibility: always
Severity: block
Priority: normal
Status: new
target:
======================================================================
Date Submitted: 20-Mar-07 02:08 CET
Last Modified: 20-Mar-07 02:08 CET
======================================================================
Summary: Security hole
Description:
In dbmail_imap_session_handle_auth() in dbmail-imapsession.c, when
auth_validate() returns -1, TRACE(TRACE_ERROR, "db-validate ...") is
called with the unescaped raw IMAP password along with the IMAP username.
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
20-Mar-07 02:08 maenaka New Issue
20-Mar-07 02:08 maenaka File Added: patch-dbmail-imapsession.c
======================================================================
_______________________________________________
Dbmail-dev mailing list
Dbmail-dev@dbmail.org
http://twister.fastxs.net/mailman/listinfo/dbmail-dev
