Closed
Bug 196928
Opened 21 years ago
Closed 21 years ago
SMTP PLAIN auth broken, submits long string of chars rather than a cleartext pass
Categories
(MailNews Core :: Networking: SMTP, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: jsnell, Assigned: mscott)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210 When PLAIN is the only auth mech available, mozilla responds with something like: AUTH PLAIN (long string of characters which resembles an md5 sum) Using sendmail 8.12.8 with cyrus sasl. The string of characters changes each time even with the same passowrd. Reproducible: Always Steps to Reproduce: 1. Set up sendmail (or others?) so that plain auth is the only mech available 2. Attempt to send outgoing mail through it 3. Actual Results: Server rejected the auth because it didn't get a valid pass Expected Results: sent: AUTH PLAIN <my password in cleartext> to the smtp server
Comment 1•21 years ago
|
||
I suspect the problem is what you describe as strings like AUTH PLAIN ADg5MjQ3MzEAdGVzdA== are correct. Your passwort is never transmitted as real cleartext but base64 coded, even in PLAIN mode. But this string shouldn't change each time ... How are you sure, the "long string of characters" resembles to an md5 sum?
I have the same problem, I cannot send e-mails when plain authentication is
needed. I have Mozilla 1.4 RC1 and Windows 2000. With Netscape 4.79 it works
(with the same configuration, user and password), so I took a look at the
protocol in both cases:
<<
Mozilla 1.4 RC1(FAILED):
====
220 ESMTP service ready on
EHLO terra.es
250-tsmtp8.mail.isp
250-PIPELINING
250-ETRN
250-DSN
250-SIZE 26214400
250-AUTH PLAIN LOGIN
250 AUTH=LOGIN
AUTH PLAIN AHhta...xlbGluZS5lcwB4bWkxNzE=
501 Invalid Login
AUTH LOGIN eG1pcm9n...bGVsaW5lLmVz
334 UGF...cmQ6
eG1...cx
501 Invalid Login
AUTH PLAIN AHhta...xlbGluZS5lcwB4bWkxNzE=
... (etc.)
Netscape 4.79(SUCCESSFUL):
=====
220 ESMTP service ready on
EHLO terra.es
250-tsmtp10.mail.isp
250-PIPELINING
250-ETRN
250-DSN
250-SIZE
250-AUTH PLAIN LOGIN
250 AUTH=LOGIN
AUTH PLAIN AHhta.....xlbGluZS5lcwBtcnR2bnMyOQ==
235 Authentication successful
>>
The AUTH PLAIN string is almost equal, but differs after the sequence
"...S5lcwB". It seems the problem is the generation of the AUTH string. I hope
this helps to diagnose the error.
Sorry, I think I have not used the same password in my test (see the last message), so I can't say Mozilla 1.4 RC1 actually have this error. I will try to be more thorough the next time before adding comments to a bug. Sorry again. (BTW: In my last message I have written the plain text strings of my test, but the account passwords have been changed before and after the tests, in order to keep them secret).
I'm not sure if this has been fixed in current versions or my debugging was flawed in the past. It seems to work fine now: T 192.168.1.58:4433 -> 192.168.10.180:25 [AP] AUTH PLAIN xxxxxxxxxxxxxxxx.. ## T 192.168.10.180:25 -> 192.168.1.58:4433 [AP] 235 ok, go ahead (#2.0.0).. I'm not sure if this should go to "fixed" or "worksforme" so i'll leave the status as unconfirmed for now.
Comment 5•21 years ago
|
||
We made a lot of changes in SMTP authentication since 1.3b, but IIRC nothing regarding the PLAIN mechanism. So I close this with WFM based on your comment.
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
Updated•20 years ago
|
Product: MailNews → Core
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•