Key Decryptor Logo
Support the project! 🙋‍♂️
Decryption ToolsHash ToolsEncoding ToolsDecoding ToolsEditor Tools

Online Roundcube IMAP Password Decryptor (Decoder) - Decryption Tool

This tool helps recover passwords stored in Roundcube IMAP configuration files, assisting security professionals in audits and penetration tests.

No file chosen

Roundcube Password Recovery Tool

Decrypt Roundcube Webmail session-passwords and config.inc.php credentials using DES-EDE3-key and encrypted strings.

What is ROUNDCUBE?

Roundcube is an open-source IMAP webmail client. Roundcube Webmail stores user credentials in `config.inc.php` or in session-vars as encrypted strings. These are protected using Triple DES (3DES / DES-EDE3) encryption. To recover a Roundcube password, both the DES-EDE3-key and the encrypted password are required. This tool allows administrators and security researchers to perform Roundcube password recovery, decode session-passwords, and inspect stored credentials.

How to decrypt Roundcube session password?

  1. Locate the Roundcube `config.inc.php` file or session data to extract the encrypted password and DES-EDE3-key
  2. Copy both the DES-EDE3-key and encrypted password
  3. Paste them into this Roundcube password recovery tool
  4. Click on 'Decrypt' to decode the Roundcube password
  5. Copy or download the recovered password securely

Example

Input:

DES-EDE3-key: my_secret_key
Encrypted password: my_encrypted_password

Output:

Decrypted password: my_decrypted_password

FAQ

  1. What is Roundcube Webmail?

    Roundcube Webmail is a browser-based IMAP client used by hosting providers and organizations for managing emails securely.

  2. Where are Roundcube passwords stored?

    Roundcube credentials are stored in `config.inc.php`, `session-passwords`, or session-vars. They are encrypted using DES-EDE3-key with 3DES in CBC mode.

  3. How does Roundcube password decryption work?

    Passwords are encrypted with Triple DES (3DES / DES-EDE3) in CBC mode. The stored value includes the IV + ciphertext, usually base64-encoded. With the DES-EDE3-key from `config.inc.php` and the encrypted password, the original password can be decrypted.

  4. Can I decode Roundcube session-passwords?

    Yes. Session-passwords and session-vars in Roundcube can be decrypted if you extract the DES-EDE3-key and encrypted value.

  5. What is DES-EDE3-key in Roundcube?

    The DES-EDE3-key is the secret encryption key defined in `config.inc.php` (default key: `des_key`). It is used to encrypt and decrypt Roundcube session-passwords and stored credentials.

  6. Is Roundcube password recovery safe?

    Yes. Your Roundcube DES-EDE3-key, session, and password data are not uploaded anywhere.

    Online Roundcube IMAP Password Decryptor (Decoder) - Decryption Tool