If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Unicode characters in Basic Auth password are corrupted

RESOLVED DUPLICATE of bug 41489

Status

()

Core
Networking
RESOLVED DUPLICATE of bug 41489
5 months ago
5 months ago

People

(Reporter: Jason R. Coombs, Unassigned)

Tracking

52 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 months ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170323110425

Steps to reproduce:

I recently changed my password at work to include unicode characters. After doing so, I noticed sites requiring Basic Auth would no longer accept my username and password. A little digging revealed that [Firefox apparently sends only the most significant byte of UTF-8 characters](http://stackoverflow.com/a/9056877/70170), or by my estimation some other single-byte encoding.

And while I acknowledge there's probably not a reliable standard for encoding passwords (or usernames for that matter), Chrome does seem to transmit the complete password in UTF-8 and for the systems I was using, that was sufficient to pass the auth check.


Actual results:

For the password "хорошую работу", Firefox sends "E>@>HCN @01>BC" (0x45, 0x3e, 0x40, 0x3e, 0x48, 0x43, 0x4e, 0x20, 0x40, 0x30, 0x31, 0x3e, 0x42, 0x43).


Expected results:

Firefox should send the text UTF-8 encoded, matching the de-facto standard (0xd1, 0x85, 0xd0, 0xbe, 0xd1, 0x80, 0xd0, 0xbe, 0xd1, 0x88, 0xd1, 0x83, 0xd1, 0x8e, 0x20, 0xd1, 0x80, 0xd0, 0xb0, 0xd0, 0xb1, 0xd0, 0xbe, 0xd1, 0x82, 0xd1, 0x83).

Updated

5 months ago
Component: Untriaged → Security
Component: Security → Networking
Product: Firefox → Core
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 41489
You need to log in before you can comment on or make changes to this bug.