Ok... I tried this fix. 

I edited vchkpw.c and removed the FOOB and ENDIF.
Recompiled.

No luck. Same thing. Any password I put in still works.

Thoughts?

--- Michael Bowe <[EMAIL PROTECTED]> wrote:
> I just remembered that learn-passwords was broken in 5.3.20, and then
> eventually fixed in 5.3.24
>
> http://sourceforge.net/tracker/index.php?func=detail&aid=783824&group_id=85937&atid=577798
>
> Maybe this has something to do with your problem?
> 
> Michael.
> 
> ----- Original Message ----- 
> From: "jeff thomas" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, August 13, 2003 6:47 PM
> Subject: Re: [vchkpw] Urgent - vchkpw/vpopmail authenticate even with wrong pw?
> 
> 
> > Learn passwords was enabled. However, it should learn
> > only the FIRST password entered for each account....
> > not multiple passwords for each account.
> >
> > Right?
> >
> > It would seem logical that with learn-passwords, the
> > first time I put in the password for [EMAIL PROTECTED], it
> > "learns" that password. If I try to log into [EMAIL PROTECTED]
> > with a different password, I should be rejected, as it
> > "learned" the first password.
> >
> > --- Michael Bowe <[EMAIL PROTECTED]> wrote:
> > > I could be barking up the wrong tree here but...
> > >
> > > Perhaps did you configure vpopmail to "learn passwords" ?
> > >
> > > It rings a bell for me that if you upgrade from a v4.x vpopmail, and you
> > > enable clear passwords in your v5.2 vpopmail, you lose all your existing
> > > passwords and the general way to recover from this is to enable vpopmail's
> > > "learn passwords" functionality
> > >
> > > This could explain why "any password works". But then again, once the
> > > password has been learned, you shouldn't be able to go back and use some
> > > other password and still get access
> > >
> > > Michael.
> > >
> > >
> > > ----- Original Message ----- 
> > > From: "jeff thomas" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, August 13, 2003 10:15 AM
> > > Subject: [vchkpw] Urgent - vchkpw/vpopmail authenticate even with wrong pw?
> > >
> > >
> > > > Hello -
> > > >
> > > > I recently installed vpopmail 5.3.20 from freebsd
> > > > ports. I used Matt Simerson's FreeBSD Qmail Toaster
> > > > scripts to install it (it uses ports).
> > > >
> > > > That installed without problem. I installed
> > > > courier-imap and squirrelmail as well as sqwebmail. I
> > > > noticed today that I can log into any of the accounts
> > > > via sqwebmail with any password. I can literally put
> > > > in "xxx" for the password on my e-mail account and it
> > > > will let me in. I tried it on squirrelmail with the
> > > > same problem. So, then I tried simply logging into the
> > > > POP3 account with "xyz" as the password. It, too, let
> > > > me in with full access.
> > > >
> > > > This is bad - obviously. Anyone care to shed some
> > > > light on what I need to do to get this fixed ASAP.
> > > > I upgraded from 4.9.x and use mysql4 for authentication.
> > > >
> > > > Any and all help is appreciated.
> > > >
> > > > __________________________________
> > > > Do you Yahoo!?
> > > > Yahoo! SiteBuilder - Free, easy-to-use web
> site
> > > design software
> > > > http://sitebuilder.yahoo.com
> > > >
> > > >
> > >
> > >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! SiteBuilder - Free, easy-to-use web site
> design software
> > http://sitebuilder.yahoo.com
> >
> >
> 
> 
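
Added example (not part of the thread, and not vpopmail's code): a minimal C model of the learn-once behaviour described in the quoted message, where an account with no stored password learns the first one and every later login must match it. The `account` struct, `check_login`, and the FNV-1a `toy_digest` stand-in for a real password hash are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical account record; not vpopmail's real structure. */
struct account {
    char name[32];
    char pw_digest[17];   /* empty string = nothing learned yet */
};

/* Stand-in digest (64-bit FNV-1a) so the example needs no extra library.
   NOT a password hash; a real store would use crypt() or stronger. */
static void toy_digest(const char *pw, char out[17]) {
    unsigned long long h = 1469598103934665603ULL;
    for (; *pw; pw++) { h ^= (unsigned char)*pw; h *= 1099511628211ULL; }
    snprintf(out, 17, "%016llx", h);
}

/* Compare two 16-character digests without an early exit. */
static int digest_equal(const char *a, const char *b) {
    unsigned char diff = 0;
    for (int i = 0; i < 16; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 = accept, 0 = reject. Learns only when nothing is stored. */
int check_login(struct account *acct, const char *pw, int learn_enabled) {
    char d[17];
    if (pw == NULL || pw[0] == '\0') return 0;  /* never learn or accept an empty password */
    toy_digest(pw, d);
    if (acct->pw_digest[0] == '\0') {           /* first login for this account */
        if (!learn_enabled) return 0;
        memcpy(acct->pw_digest, d, sizeof d);
        return 1;
    }
    return digest_equal(acct->pw_digest, d);    /* later logins must match what was learned */
}

/* Regression check for the symptom in the thread: 1 if the invariant holds. */
int learn_once_invariant_holds(void) {
    struct account a = { "user@example.test", "" };  /* constructed sample account */
    int first = check_login(&a, "first-secret", 1);
    int wrong = check_login(&a, "xxx", 1);
    int right = check_login(&a, "first-secret", 1);
    return first == 1 && wrong == 0 && right == 1;
}

int main(void) {
    printf("learn-once invariant: %s\n", learn_once_invariant_holds() ? "holds" : "VIOLATED");
    return 0;
}
```

The same accept, reject, accept sequence can be run against a live POP3 or webmail login on a test account after an upgrade to confirm that learning happens once and only once.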

