IMail appears to store the password for an account in clear text in cookies issued.
d8338cb4182c4ec4004a9f4df0e8293a7cf7f66851e05a3791e62ac6888ec34f
Neither Regular or secure mode of Imail properly give out a hash on cookies leaving the cookies straight readable to any onlookers.
No exploit is needed
POC:
"IMail_UserId
1006332dgd2@Someserver"
--------------------------
"IMail_password
1234"
Straight From Cookie ^^ (edited to protect user)
Shoutz to Dcrab, Infinite, j0X, DjPc, Ch4r, Raven, FPA, woody, elohimus, kurupt3k, and the rest i forgot i still got love for :P