From: Mark S. <ma...@su...> - 2005-06-21 18:02:12
Hello,

I'm in the process of moving mailing lists managed by qmailadmin 1.0.2 to a new domain and have run into a problem. Using 'vqadmin', I can see the password of the postmaster account for the domain. However, when trying to log in with the password, "Invalid login" is returned, although the password is correct. If I intentionally put a typo in the domain, I do get a specific message that the domain does not exist.

My question is: What logic is being used to generate the message that the login is invalid? Some other part of my setup besides the password must be incorrect.

Also, if there is documentation on how to rename a domain that I missed, I'd be interested in a pointer.

Thanks!

###

Incidentally, you may have a related Cross-Site Scripting vulnerability because the wrong domain value is echoed back to the browser without being escaped. Someone could create their own HTML page on your site. Try this on your install:

/cgi-bin/qmailadmin?domain=<input type="text" value="creating a form on your site!">

Mark
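The escaping that the post says is missing, as an added example that is not part of the original message and is not qmailadmin's own code: a C helper that HTML-escapes the domain value before it is written into the error page. The function names, the wording of the error message and the buffer sizes are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not qmailadmin's code: HTML-escape src into dst.
 * Returns 0, or -1 if dst is too small (dst is then left empty). */
int html_escape(char *dst, size_t dstlen, const char *src)
{
    size_t used = 0, n;

    if (dstlen == 0) return -1;
    for (; *src != '\0'; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;      /* default: copy the byte unchanged */

        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        n = strlen(rep);
        if (used + n >= dstlen) {   /* leave room for the terminator */
            dst[0] = '\0';          /* never emit a half-written entity */
            return -1;
        }
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return 0;
}

/* Hypothetical error fragment for an unknown domain. Returns a static
 * buffer (one request per CGI process) or NULL if the value is too long. */
const char *domain_error_html(const char *domain)
{
    static char page[640];
    char safe[512];

    if (html_escape(safe, sizeof safe, domain) != 0)
        return NULL;                /* caller prints a fixed message */
    snprintf(page, sizeof page, "<p>Domain %s does not exist</p>", safe);
    return page;
}

int main(void)
{
    /* Constructed input: the query value quoted in the post above. */
    const char *r = domain_error_html("<input type=\"text\" value=\"creating a form on your site!\">");
    puts(r ? r : "<p>Invalid domain</p>");
}
```

With the value escaped, the browser displays the markup as literal text in the error message instead of rendering a form.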