Closed
Bug 45774
Opened 24 years ago
Closed 24 years ago
Able to login to mail with incorrect password.
Categories
(SeaMonkey :: MailNews: Account Configuration, defect, P3)
SeaMonkey
MailNews: Account Configuration
Tracking
(Not tracked)
VERIFIED
INVALID
People
(Reporter: skasinathan, Assigned: alecf)
Details
Steps: 1. Try to login to a mail account. In the password dialog type the correct password followed by some characters. (say if the password is 'helloworld' type 'helloworldsomething'). I'm able to login to the account and read msgs. Tried on POP and IMAP account. Build and platform: 2000-07-18-08-M17 linux commercial, yesterday's windows commercial build.
Yikes. Suresh, what happens if the password you type doesn't start with the correct password + additional text? ie. type: blahblah Thanks. Nominate nsbeta2 due to seriousness of password security.
Keywords: nsbeta2
Comment 2•24 years ago
|
||
I doubt there's anything the client can do here. We don't know the users's password so we can't limit it to the first n characters 'cause we have no idea what n is! The server determines whether to accept or reject a password response from the client. I'd probably mark this as invalid/wontfix?
Keywords: nsbeta2
Comment 3•24 years ago
|
||
I stomped on lisa's nsbeta2 nomination by accident. But I don't think it needs to be nominated anyway. I really don't see a client bug here.
this happens only if i type in correct password + something. I get an 'login failed' alert if I type somthing else without the correct password.
Keywords: nsbeta2
Ok. I'll remove my nsbeta2 nomination. Does this happen in 4.x, Suresh?
Keywords: nsbeta2
Assignee | ||
Comment 6•24 years ago
|
||
talked with suresh and bienvenu - this is not a client bug - this is just exposing the 8-character signifigance of passwords in our mail server... I'm going to mark invalid because even if this is a bug, it's a bug in the server, not the client...
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → INVALID
Comment 7•24 years ago
|
||
I think that's what I said earlier in the bug =)....i forgot to mark it invalid though....shame on me.
Updated•20 years ago
|
Product: Browser → Seamonkey
You need to log in
before you can comment on or make changes to this bug.
Description
•