Comment 39 for bug 297301

In , Baldur-foo (baldur-foo) wrote :

(In reply to comment #37)
> A user gets a phone call from the sysadmins or a mail a few days ago which
> tells him : we got a new Imap server software and all Accounts need new
> passwords, here is your new password, use it tomorrow morning. User opens
> Thunderbird in the morning and Thunderbird sends x times the wrong password
> after opening Thunderbird and account is closed.

That is moronic server behavior; a server should never disable an account because someone sent the wrong password for it a couple of times. This is a denial-of-service vulnerability where an attacker can disable every known account on the system. This is off topic here, though, and some server administrators are morons, so this does happen.

I agree the solution would be to make Thunderbird come with a dialog if it has two or three failed connection attempts, with the options being retry, abort or change password.