Nope. Not using MD5 passwords. 5.3.20 at present. -M
From: Tom Collins <[EMAIL PROTECTED]> To: vpopmail list <[EMAIL PROTECTED]> Subject: Re: [vchkpw] SMTP-Auth bug in passwords? Date: Tue, 9 Sep 2003 21:24:31 -0700
On Tuesday, September 9, 2003, at 08:40 PM, Mike Miller wrote:Looking just below, the SPAMmer who made use of this, used the same username and password. I then tried the base64 password for their 'webmaster00' password and that [d2VibWFzdGVyMDA=] works as well. I then tried truncating their password character by character. What I found was that only when I brought the password to 'webmast' (webmaste still worked), did it stop authenticating properly.
What version of vpopmail?
Are you using MD5 passwords (go to your vpopmail source directory and `grep MD5 config.h`)? If not, I think crypt() only uses the first 8 characters of the password. I'm not sure what the limit is if you're using MD5.
-- Tom Collins [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
_________________________________________________________________
Add photos to your messages with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
