6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
8/20/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#10680] Authentication via IMP does fail for some passwords while using IMAP directly does work
*
Your Email Address
*
Spam protection
Enter the letters below:
._..__ . .. ,.___ | [__)|__| \./ [__ _|_| \| | | [___
Comment
>> I *think* this is what's happening (at least in my case): >> - The user is logging without cookies >> - Horde_Secret falls back to session_id() >> - During the login process, the password is stored encrypted with session_id >> - After logging in, the session id is generated to protect against >> session fixation >> - The new session_id is no longer the valid key for the encrypted >> password, so decrypting fails > > I agree - this is what I figured out last week also. > > Although I don't know if this is a limitation in Horde_Secret or an > issue in IMP. Because Horde_Secret doesn't clearly indicate in its > API that this can occur.
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers