Mikhail Goriachev

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions prior to 1.4.21 **Description** The issue arises from improper handling of 8-bit characters in passwords by the functions/imap general.php file. This allows remote attackers to cause a denial of service, specifically disk consumption, by making multiple IMAP login attempts with different usernames. As a result, many preferences files are created. **Recommendations** For versions prior to 1.4.21, update to version 1.4.21 or later to resolve the issue. As a temporary workaround, consider restricting the number of IMAP login attempts to minimize the risk of disk consumption.