Changing passwords in webmail

[ZeroSixty]

I've noticed that after changing passwords in the webmail system, the old AND new passwords continue to work! Changing it again (will only accept the latest password when changing) will result in three working passwords, and so on.

Can someone confirm they also have this problem? If so, I will report the bug.

Thanks.

 

[jshanley]

This is not the case on FreeBSD 5.3/Plesk 7.5.2.

HOWEVER - The "change password" function on FreeBSD doesn't work at all in Horde on FreeBSD, unless you manually create a "hooks.php" file and edit a config option for horde to enable the hook.

If you do that, it works fine on FreeBSD - the password is changed, and the old password does not continue to work either through Horde or regular POP3/IMAP login.

 

[webrebel]

Same problem here. Using RHES3 and Plesk 7.5.2

 

[Mandi]

Same problem

Yes, same problem here too.

Changing the password will just create a new access password. The Old password is still active and anyone that knows your old password can still read your emails!

Any solutions?

 

[ViaHosting]

I have the same problem.

I notice that after changing the password, the poppasswd creates a new entry at /var/qmail/users/poppasswd, instead of changing the password of the correspond user line.

So we will have as many lines as we try to change the user password.

The authentication program may pick up the first line, with the old password.


If you run /usr/local/psa/admin/mchk you will have the files rebuilded, and the duplicated lines excluded.

 

[globodata]

That is a known issue that Plesk is working to fix.