vpopmail shocker

June 7, 2004

Today I had a real shock when I discovered that my 'out of the box' installation of vpopmail keeps passwords in the clear. I had been using this set up for quite sometime without giving it a thought, today for another reason I wanted to play around with a .qmail file and seeing the vpasswd file also on the same folder, curiosity got the better of me and I just wanted to see what it looked like.

I was expecting the vpasswd file to be similar to the /etc/passwd file. In the /etc/passwd file the password is stored after one way hashing it. That means even the super user cannot read it. In the case of vpasswd I found the format does look somewhat like the /etc/passwd file except for the fact that the last column contains the passwd in the clear.

Now to figure out a better way of saving passwords.

Posted by raditha at June 7, 2004 10:44 AM
Your Ad Here

 

Jabber  |  Linux  |  mySQL  |  PHP  |  Java  |  Site Map  |  Wiki

Downloads  |  About  |  Links  |  Contact  |  Home

 

Copyright © Raditha Dissanayake 2003 - 2007

Terms of Use  |  Privacy

 

 

June 2004
Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30