[Tickets #4085] NEW: Root authentication should be deniable
bugs@bugs.horde.org
bugs at bugs.horde.org
Wed Jun 28 04:17:35 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=4085
-----------------------------------------------------------------------
Ticket | 4085
Created By | saku at localeyes.fi
Summary | Root authentication should be deniable
Queue | IMP
Version | 4.1.2
State | New
Priority | 1. Low
Type | Enhancement
Owners |
-----------------------------------------------------------------------
saku at localeyes.fi (2006-06-28 04:17) wrote:
I noted that using IMP as the authentication plug-in it offers no
protection to prevent "root" authentication through a POP server. This
allows an attacker to try different root passwords remotely while
remaining quite anonymous. I think there should be a blacklist of accounts
that are never allowed to login or some other way to prevent trying an
uncounted number of account/password pairs remotely.
More information about the bugs
mailing list