If you don't store cleartext passwords in your backend, how will an intruder get them??

On Tue, Oct 11, 2022 at 3:45 PM Serveria Support <support@serveria.com> wrote:

Yes, I realize that. But I can't think of a reason this password is
necessary in the logs. It's kind of a backdoor and has to be removed
from code. Why make intruder's life easier?

On 2022-10-11 13:39, Arjen de Korte wrote:
> Citeren Serveria Support <support@serveria.com>:
>
>> Yes, there is a tiny problem letting the attacker change this value
>> back to yes and instantly get access to users' passwords in plain
>> text. Apart from that - no problems at all. :)
>
> If an attacker is able to modify your Dovecot configuration, you have
> bigger problems than leaking your users' password. Much bigger...

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)