[Tickets #4085] NEW: Root authentication should be deniable

bugs@bugs.horde.org bugs at bugs.horde.org
Wed Jun 28 04:17:35 PDT 2006


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=4085
-----------------------------------------------------------------------
 Ticket             | 4085
 Created By         | saku at localeyes.fi
 Summary            | Root authentication should be deniable
 Queue              | IMP
 Version            | 4.1.2
 State              | New
 Priority           | 1. Low
 Type               | Enhancement
 Owners             | 
-----------------------------------------------------------------------


saku at localeyes.fi (2006-06-28 04:17) wrote:

I noted that using IMP as the authentication plug-in it offers no
protection to prevent "root" authentication through a POP server. This
allows an attacker to try different root passwords remotely while
remaining quite anonymous. I think there should be a blacklist of accounts
that are never allowed to login or some other way to prevent trying an
uncounted number of account/password pairs remotely.




More information about the bugs mailing list