lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 03 Feb 2004 09:55:10 +0100
From: Antonio Messina <messina@...iesistemi.it>
To: Marco Marabelli <mm@...t.it>
Cc: bugtraq@...urityfocus.com
Subject: Re: sqwebmail web login


> platform:
> linux 2.4 i386
> pachages: qmail+sqwebmail+qmailadmin+vpopmail-vchkpw-auth. 

NOT with FreeBSD 4.5, kernel GENERIC, sqwebmail 3.3.3, vpopmail 5.2

However, I think it's due to a misconfiguration. Root mailbox does NOT 
exist in default qmail installation: it's just an alias, not a real 
valid user. 

Mail for root is usually handled by the "alias" pseudo-user. 

And with vpopmail you must create such user by hand (or via qmailadmin).

> I think this should be a good method for guessing root password, in fact 
> failure logging in on the sqewebmail are not logged (generally!). 

Failures are logged by vpopmail. Check your configuration.

> Regards,
> Marco Marabelli

ciao

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ