[imp] hardcoded admin account?
Steve McGhee
stevem at cs.ucsb.edu
Wed Oct 1 09:37:54 PDT 2003
Sam Bashton wrote:
> On Tue, Sep 30, 2003 at 10:30:22AM -0700, Steve McGhee wrote:
>
>>hi there,
>>
>> i have IMP installed on a server and noticed that i had a weak
>>password (admin/admin) and decided to change it. after doing so, i
>>could still log in as (admin/admin) even though the IMAP server had been
>>updated.
>> i tried testing with another account (tester/password) which i
>>changed to (tester/newpass) which all worked fine (the old pass stopped
>>working immediately, as it should).
>>
>> is there any reason why this admin/admin account is still being
>>allowed to log in? some sort of cache in Horde?
>
>
> Are you using ImapProxy? This would produce exactly what you are describing,
> in fact it's even in the FAQ:
>
> http://www.kuleuven.net/projects/imapproxy/download/latest/docs/FAQ
>
turns out it was my hosting company screwing up.
icdsoft is pretty good in all respects (besides being in HK, this is the
first time they messed up.
apparently you can delete a user from the system and it can still be
there, kind of.
so, false alarm, not IMP related. thanks for the reply.
(and no, i wasnt using ImapProxy)
-steve
More information about the imp
mailing list