Hello! I'm using plugin "Mail Fetch v. 1.3.0" for
SquirrelMail, and I need APOP functionality. I look
inside of sources and seen code for APOP authentication
available but switched off.
It try it switch on, but authorization always fails.
After some investigation I found bug (I think,
functionality turned off because of it?) in
"parse_bunner()" function. It rips all zeros from
server banner. Let I illustrate:
Server returns: <9797.130518476@Soul.dyndns.org>
Banner function returns: <9797.13518476@Soul.dyndns.org>
After fixing this issue all works fine.
And also one thing, I think must be changed. You try
authenticating truth simple POP, then APOP
authentication fails. I think it isn't very good for
security reason. If user make mistake in one character
of password and it steeled when traveling truth
network, it isn't very hard to find real password.
Log in to post a comment.