Closed Bug 261044 Opened 20 years ago Closed 20 years ago

NTLM Auth with bad password floods network

Categories

(Core :: Networking: HTTP, defect)

x86
Windows XP
defect
Not set
critical

Tracking

RESOLVED FIXED
mozilla1.8beta1

People

(Reporter: rich.loose, Assigned: darin.moz)

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20040913 Firefox/0.10

I am hitting a protected page on a Windows 2003 box running IIS.

The server responds with 401 auth required, with WWW-Negotiate headers
indicating a willingness to do Negotiate, NTLM, and basic auth.

Browser prompts for user/password.  Supply a bad password, or an account that
doesn't exist, or an account that is locked.

Browser sends the NTLM Neg request.

Server sends back the NTLM challenge.

Browser sends the NTLM Auth request.

Server sends back Auth-required as before.

So far so good, but then the browser (without prompting for another
user/password) initiates the authentication dance all over again with the same
credentials, stubbornly flooding the network with the same authentication sequence.

Although reported on the Windows browser, the Linux browser has the same
problem: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10

I am not using any password management, and have Ethereal traces if anyone is
interested.

Reproducible: Always
Steps to Reproduce:
Auth --> Darin
Assignee: dveditz → darin
Component: Security: General → Networking: HTTP
I wonder if my patch for bug 256949 will help this problem.

Rich: If you are willing to send me those ethereal traces I'd appreciate it, thx!
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Target Milestone: --- → mozilla1.8beta
A Mozilla HTTP log would be nice too.  Instructions here:

  http://www.mozilla.org/projects/netlib/http/http-debugging.html

Thanks!
Darin, here's an Ethereal trace of the problem.  - Rich
Rich: Thanks! Can you please supply the Mozilla HTTP log as well. See comment #3.
my latest patch for bug 256949 fixes this bug.
Depends on: 256949
marking FIXED, now that my patch for bug 256949 went in on the trunk, 1.7
branch, and aviary-1.0 branch.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
*** Bug 259854 has been marked as a duplicate of this bug. ***
*** Bug 259344 has been marked as a duplicate of this bug. ***
*** Bug 265609 has been marked as a duplicate of this bug. ***
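
Added example, not part of the bug report or of Mozilla's code: on the wire, the loop the reporter describes appears as repeated NTLM handshakes for one account, each Type 3 (authenticate) request answered with 401. The Python below counts those failures per account from (Authorization header, response status) pairs. The function names, the threshold of 3, the assumption that Type 3 strings are UTF-16LE, and the sample trace are all constructed for illustration.

```python
import base64
import struct
from collections import Counter

SIG = b"NTLMSSP\x00"

def ntlm_message(header):
    """Decode an 'NTLM <base64>' Authorization value into (type, raw bytes)."""
    scheme, _, blob = (header or "").partition(" ")
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return None, b""
    if scheme.upper() != "NTLM" or len(raw) < 12 or raw[:8] != SIG:
        return None, b""
    return struct.unpack_from("<I", raw, 8)[0], raw

def type3_account(raw):
    """Read domain and user from a Type 3 message (assumes UTF-16LE strings)."""
    def field(pos):
        length, _, offset = struct.unpack_from("<HHI", raw, pos)
        return raw[offset:offset + length].decode("utf-16-le", "replace")
    return field(28) + "\\" + field(36)

def failed_handshakes(exchanges):
    """Count Type 3 requests that the server answered with 401, per account."""
    failures = Counter()
    for auth_header, status in exchanges:
        mtype, raw = ntlm_message(auth_header)
        if mtype == 3 and status == 401 and len(raw) >= 44:
            failures[type3_account(raw)] += 1
    return failures

def flooding_accounts(exchanges, limit=3):  # limit is an assumed threshold
    return sorted(a for a, n in failed_handshakes(exchanges).items() if n >= limit)

def build(mtype, domain="", user=""):
    """Constructed sample message: only the fields read above are filled in."""
    d, u = domain.encode("utf-16-le"), user.encode("utf-16-le")
    bufs = struct.pack("<HHIHHI", 0, 0, 64, 0, 0, 64)            # LM, NT responses
    bufs += struct.pack("<HHIHHI", len(d), len(d), 64, len(u), len(u), 64 + len(d))
    bufs += struct.pack("<HHIHHII", 0, 0, 64, 0, 0, 64, 0)       # workstation, key, flags
    raw = SIG + struct.pack("<I", mtype) + (bufs + d + u if mtype == 3 else bytes(4))
    return "NTLM " + base64.b64encode(raw).decode()

# Constructed trace: (Authorization header sent, response status)
trace = [(build(1), 401), (build(3, "CORP", "alice"), 401)] * 4
trace += [(build(1), 401), (build(3, "CORP", "bob"), 401), (build(3, "CORP", "bob"), 200)]
print(flooding_accounts(trace))
```

The NT response in each Type 3 message differs because the server challenge differs, so the account name, not the response bytes, is what ties the repeated attempts together.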