Dovecot mail-crypt webmail can't read encrypted messages
Bernardo Reino
reinob at bbmk.org
Tue Oct 11 14:07:06 UTC 2022
On Mon, 10 Oct 2022, Serveria Support wrote:
> I checked the source code on Github and discussed this with a C developer.
> There seem to be too many files... perhaps somebody can guide me where should
> I look? Aki?
You should search for "given password" in the source.
Hint:
src/auth/passdb-pam.c, around lines 175-178.
src/auth/auth-request.c, around lines 2311-2312.
This is with the latest source (2.3.19.1).
Cheers.
PS: But as I noted, nothing prevents $HACKER from bringing their own dovecot
(BYOD :) with all debugging options enabled, etc. As others have noted, if the
intruder owns your server, you have lost. Period.
More information about the dovecot
mailing list