Vpopmail Cleartext Password Authentication Bypass Doesn't Affect H-Sphere Mail System
According to the stated security hole the security issue is caused due to an error within
the handling of SMTP AUTH and APOP password authentication.This can be exploited to authenticate
to the mail server using a blank password.
Successful exploitation requires that cleartext password authentication
is enabled and that the account does not have a cleartext password set.
Recently found Vpopmail Cleartext Password Authentication Bypass can in no way affect H-Sphere mail subsystem. H-Sphere mail updates regenerate old mailbox passwords with clear password authentication based on the related H-Sphere DB information after the CRAM-MD5 and APOP password authentication was introduced into H-Sphere (starting from hsphere-mail2-all-4).