Found a bug in the squirrelmail change_sqlpass plugin. Made the ugly fix; gonna dive in and write a patch later.
The bug occurs in functions.php
There is a mismatch between:
function get_password_salt, where the program reasonably returns the value of the password salt when $csp_salt_static is empty and $csp_salt_query is not empty.
and:
function get_password_encrypt_string, in the switch statement,
it uses […]