Outbound email password not saved correctly for long passwords like API keys #5242

Open
opened 2026-02-20 16:31:53 -05:00 by deekerman · 3 comments

Originally created by @ExcelsiorEyer on GitHub (Aug 21, 2024).

Issue

SMTP password for personal outgoing email is not being saved correctly if it is a long password like an API key. Adding debug steps to include/OutboundEmail/OutboundEmail.php seems to indicate that the stored encrypted password is being truncated to 100 chars, causing an incorrect password to be used for authenticating with the SMTP server.

Version 7.14.5
Sugar Version 6.5.25 (Build 344)

Possible Fix

Increase the field length of outbound_email.mail_smtppass to a much larger value to allow for the encryption of API keys provided by SMTP providers.

Steps to Reproduce the Issue

1. Set the password to be 100 characters for an outbound SMTP email. This will cause the encrypted text to be stored in the database to exceed the 100 character limit.
2. Try sending an email to find the SMTP authentication failing.

Context

No response

Version

7.14.5

What browser are you currently using?

Chrome

Browser Version

No response

Environment Information

MySQL, PHP8.2

Operating System and Version

Ubuntu


@chris001 commented on GitHub (Aug 22, 2024):

Unlike the username field `mail_smtpuser` which has `maxlength=100` on the web form, this password `mail_smtppass` doesn't have a `maxlength` on the web form! So it misleads you into believing you can paste in an app password longer than 100 characters, because there is no `maxlength`. Suite silently fails to save the full app password when the database truncates to the size of the field in the DB, resulting in first 100 characters saved, then SMTP Auth fails, and sending Outgoing Email fails.


@ExcelsiorEyer commented on GitHub (Aug 24, 2024):

Just to clarify, in my case the actual password is short of 100 characters. So limiting the password to 100 characters on the front end will not solve the problem if the encrypted value were to exceed 100 characters in length.


@IAmBecomeDeth commented on GitHub (Mar 24, 2025):

This is still an issue in 8.8. I attempted to increase the size of varchar 100 to varchar 300 and there must be somewhere else, possibly in the encryption function?

Actually, I just tested my lengths. The password bravo gives me for my API key (password) is 90 chars. After increasing varchar to 300, the saved password is 128 chars. Before saving the password, the test completes successfully. However, after you save, emails fail to send.
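
A length model for the truncation discussed in this thread, as an added example that is not part of the original issue or of SuiteCRM's code. It assumes the stored value is base64 of a block-cipher ciphertext padded to whole 8-byte blocks with no IV prefix, an assumption chosen because it reproduces the 90 → 128 character figure reported above; all function names are hypothetical and the "ciphertext" is constructed random bytes.

```python
import base64
import os

COLUMN_LEN = 100  # VARCHAR size of mail_smtppass reported in the issue
BLOCK = 8         # assumed cipher block size in bytes (assumption, not from the page)


def stored_length(plain_len: int, block: int = BLOCK) -> int:
    """Characters needed to store base64(ciphertext) for plain_len plaintext bytes."""
    padded = -(-plain_len // block) * block  # round up to a whole block
    return -(-padded // 3) * 4               # base64 emits 4 chars per 3 bytes


def max_plain_len(column_len: int = COLUMN_LEN, block: int = BLOCK) -> int:
    """Longest plaintext whose encoded ciphertext still fits in the column."""
    n = 0
    while stored_length(n + 1, block) <= column_len:
        n += 1
    return n


def simulate_store(plain_len: int, column_len: int = COLUMN_LEN,
                   block: int = BLOCK) -> str:
    """Constructed stand-in: random bytes replace real ciphertext, then the
    value is cut to the column size like the silent truncation described."""
    padded = -(-plain_len // block) * block
    return base64.b64encode(os.urandom(padded)).decode()[:column_len]


def looks_truncated(stored: str, column_len: int = COLUMN_LEN,
                    block: int = BLOCK) -> bool:
    """Audit heuristic: the value fills the column and does not decode to
    a whole number of cipher blocks, so decryption cannot recover it."""
    if len(stored) < column_len:
        return False
    try:
        raw = base64.b64decode(stored, validate=True)
    except ValueError:
        return True
    return len(raw) % block != 0


if __name__ == "__main__":
    for n in (40, 72, 73, 90):
        row = simulate_store(n)
        print(n, stored_length(n), len(row), looks_truncated(row))
```

Under these assumptions the audit check can be run over existing `mail_smtppass` values to find credentials that were saved truncated and need to be re-entered once the column is widened.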

Reference
starred/SuiteCRM-SuiteCRM#5242