Yes, I realize that. But I can't think of a reason this password is
necessary in the logs. It's kind of a backdoor and has to be removed
from code. Why make intruder's life easier?
On 2022-10-11 13:39, Arjen de Korte wrote:
Citeren Serveria Support <supp...@serveria.com>:
Yes, there is a tiny problem letting the attacker change this value
back to yes and instantly get access to users' passwords in plain
text. Apart from that - no problems at all. :)
If an attacker is able to modify your Dovecot configuration, you have
bigger problems than leaking your users' password. Much bigger...