Roundcube Password Recovery Tool
Decrypt Roundcube Webmail session-passwords and config.inc.php credentials using Triple DES (3DES / DES-EDE3).
What is ROUNDCUBE?
Roundcube is an open-source IMAP webmail client. User credentials are stored in `config.inc.php` or session variables as encrypted strings. These use Triple DES (3DES) encryption. To recover a password, both the encryption key and the stored value are required. This tool allows administrators and security researchers to decode passwords and inspect stored credentials securely.
How to decrypt Roundcube session password?
- Locate the `config.inc.php` file or session data to extract the encrypted password and encryption key.
- Copy both the key and encrypted password.
- Paste them into the tool.
- Click 'Decrypt' to reveal the password.
- Copy or download the recovered password securely.
Example
Input:
DES-EDE3-key: my_secret_key Encrypted password: my_encrypted_password
Output:
Decrypted password: my_decrypted_password
FAQ
What is Roundcube Webmail?
Roundcube is a browser-based IMAP client used by hosting providers and organizations to manage emails securely.
Where are credentials stored?
User credentials are saved in `config.inc.php` or session variables. They are encrypted using Triple DES (3DES) in CBC mode and often base64-encoded.
How does decryption work?
The stored value contains the IV and ciphertext. With the encryption key from `config.inc.php` and the encrypted password, the original password can be recovered locally.
Can session-passwords be decoded?
Yes. Session variables can be decrypted if the key and encrypted value are available.
What is the encryption key?
The key is defined in `config.inc.php` (default: `des_key`) and is used for encrypting and decrypting stored credentials.
Is this password recovery safe?
Yes. All decryption happens locally. No data is uploaded to any server.