Closed Bug 214217 Opened 22 years ago Closed 22 years ago

too many attempts to autologin with incorrect passwd locks out win2k account


(MailNews Core :: Networking: IMAP, defect)

Windows 2000





(Reporter: mstrumyla, Assigned: Bienvenu)




(2 files)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030727 Mozilla Firebird/0.6.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030727 Mozilla Firebird/0.6.1

When I start up Messenger, it tries to automatically connect and download new messages. If the IMAP password stored by Password Manager is incorrect, the Messenger locks out my win2k account. I get several messages that the login failed but I cannot stop the messenger from trying to log in. I think the messenger should try logging in two or three times and then give up. Our network system is set up to allow three incorrect login attempts. I think this is a standard number.

Reproducible: Always

Steps to Reproduce:
[You have to have an IMAP account]
1. Make sure "Check for new messages at startup" is checked.
2. When you launch the messenger, enter the password and check "Use Password Manager to remember this password".
3. Quit the messenger [and mozilla].
4. Change your windows password.
5. Start messenger and watch the messages about failed attempts to log in appear until it locks out your account.

Actual Results: The win2k account is locked out.

Expected Results: The messenger should give up after 3 attempts or should provide a way out of the autologin.

Christian: Is this related to the other bug with password looping?
Unfortunately there are a lot more than "the other bug". Every one with a different title. IMHO it's the wrong system to assume a saved password cannot be wrong and therefore doesn't have to be discarded. To stop after the third fail is possible to implement. But it would be easier to stop at the first failing login. In which case could the first (and maybe the second) try fail but the immediately following next try succeed? IMHO it's nice to think of a three-chances policy but needless in the real world. But examples are welcome.
Ever confirmed: true
The imap code tries three or four times, but each time it prompts the user for a new password, and allows the user to cancel the login process. At least, that's the way it's supposed to work.
Unfortunately I can't test IMAP and don't know the code right now. I thought it works the same way as the SMTP & POP code, and the reporter's description confirmed this assumption. But if you're right this bug could really be quite different. And your position is also to never do automated successive tries, yes?
We try auth login and then login, but if the auth login fails, we're silent about it, i.e., we don't put up an error msg.
the fix for caused this problem (and many others, from what I hear). Personally, I think we should just back that fix out and rethink it.
I support backing out the fix. And then look for the reason why timeouts caused deletion of the passwords.
Attached patch: proposed fix
This will fix the problem. I'll go re-open the other bug once this is checked in.
Attachment #128891 - Flags: superreview+
This patch makes it so we don't forget the imap password if the user presses stop, and cleans up some other little things. We still need to try to fix other causes of logon failing but this is a start.
Closed: 22 years ago
Resolution: --- → FIXED
*** Bug 214575 has been marked as a duplicate of this bug. ***
*** Bug 215849 has been marked as a duplicate of this bug. ***
Works as expected :) It doesn't try to autologin too many times but instead asks for a new password.
*** Bug 210990 has been marked as a duplicate of this bug. ***
Product: MailNews → Core
Product: Core → MailNews Core
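
Added example (not from this bug, its patch, or Mozilla's code): a login loop that keeps a stale saved password from using up the three-attempt lockout policy the reporter describes, and that keeps the saved password when a timeout rather than a rejection ends the attempt. All names here (login, Result, fake_server, the mechanism strings) and the choice to stop one rejection short of the threshold are assumptions of this sketch.

```python
from enum import Enum

class Result(Enum):
    OK = 1
    REJECTED = 2      # server judged the credential wrong: counts toward lockout
    UNSUPPORTED = 3   # mechanism not offered: credential was never judged
    TIMEOUT = 4       # network failure: credential was never judged

LOCKOUT_THRESHOLD = 3  # the reporter's network policy (three bad attempts)

def login(attempt, mechanisms, stored, prompt, max_rejections=LOCKOUT_THRESHOLD - 1):
    """Return (status, password_to_keep_in_store, rejections_sent_to_server)."""
    password, keep, rejections = stored, stored, 0
    while rejections < max_rejections:
        if password is None:
            password = prompt()            # never retry silently after a rejection
            if password is None:           # user pressed Stop/Cancel
                return "cancelled", keep, rejections
        for mech in mechanisms:
            result = attempt(mech, password)
            if result is Result.OK:
                return "ok", password, rejections
            if result is Result.TIMEOUT:   # says nothing about the password
                return "timeout", keep, rejections
            if result is Result.REJECTED:
                rejections += 1
                if password == stored:
                    keep = None            # a rejected saved password is stale
                break                      # do not resend it via another mechanism
        else:
            return "no_mechanism", keep, rejections
        password = None
    return "gave_up", keep, rejections

def fake_server(correct, offered=("LOGIN",), down=False):
    """Constructed stand-in for an IMAP server; records every credential judged."""
    judged = []
    def attempt(mech, password):
        if down:
            return Result.TIMEOUT
        if mech not in offered:
            return Result.UNSUPPORTED
        judged.append((mech, password))
        return Result.OK if password == correct else Result.REJECTED
    return attempt, judged

if __name__ == "__main__":
    attempt, judged = fake_server(correct="new-pw")
    print(login(attempt, ["AUTH=LOGIN", "LOGIN"], "old-pw", lambda: "typo"))
```

The rejection count is the number of credentials the server actually judged, so a caller can compare it directly against the account-lockout policy.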


