On Mon, 10 Oct 2022, Serveria Support wrote:
I checked the source code on Github and discussed this with a C developer.
There seem to be too many files... perhaps somebody can guide me where should
I look? Aki?
You should search for "given password" in the source.
Hint:
src/auth/passdb-pam.c, around lines 175-178.
src/auth/auth-request.c, around lines 2311-2312.
This is with the latest source (2.3.19.1).
Cheers.
PS: But as I noted, nothing prevents $HACKER from bringing their own dovecot
(BYOD :) with all debugging options enabled, etc. As others have noted, if the
intruder owns your server, you have lost. Period.
