11 Oct
2022
11 Oct
'22
3:11 p.m.
Yes, I realize that. But I can't think of a reason this password is necessary in the logs. It's kind of a backdoor and has to be removed from code. Why make intruder's life easier?
On 2022-10-11 13:39, Arjen de Korte wrote:
Citeren Serveria Support support@serveria.com:
Yes, there is a tiny problem letting the attacker change this value
back to yes and instantly get access to users' passwords in plain
text. Apart from that - no problems at all. :)If an attacker is able to modify your Dovecot configuration, you have bigger problems than leaking your users' password. Much bigger...