Steps: 1. Try to login to a mail account. In the password dialog type the correct password followed by some characters. (say if the password is 'helloworld' type 'helloworldsomething'). I'm able to login to the account and read msgs. Tried on POP and IMAP account. Build and platform: 2000-07-18-08-M17 linux commercial, yesterday's windows commercial build.
Yikes. Suresh, what happens if the password you type doesn't start with the correct password + additional text? ie. type: blahblah Thanks. Nominate nsbeta2 due to seriousness of password security.
I doubt there's anything the client can do here. We don't know the users's password so we can't limit it to the first n characters 'cause we have no idea what n is! The server determines whether to accept or reject a password response from the client. I'd probably mark this as invalid/wontfix?
I stomped on lisa's nsbeta2 nomination by accident. But I don't think it needs to be nominated anyway. I really don't see a client bug here.
this happens only if i type in correct password + something. I get an 'login failed' alert if I type somthing else without the correct password.
Ok. I'll remove my nsbeta2 nomination. Does this happen in 4.x, Suresh?
talked with suresh and bienvenu - this is not a client bug - this is just exposing the 8-character signifigance of passwords in our mail server... I'm going to mark invalid because even if this is a bug, it's a bug in the server, not the client...
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → INVALID
I think that's what I said earlier in the bug =)....i forgot to mark it invalid though....shame on me.
fyi: this happens on 4.x as well.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.