Closed
Bug 167548
Opened 23 years ago
Closed 23 years ago
Authorization fails on D-LINK DI-804 firewall/router
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 143658
People
(Reporter: pmayes, Assigned: security-bugs)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.1) Gecko/20020826
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.1) Gecko/20020826
The D-LINK DI-804 firewall/router uses WWW-Authenticate to control access.
Authorisation fails with Mozilla 1.1, but works with NS 4.79.
Reproducible: Always
Steps to Reproduce:
1. Get a D-LINK DI-804 firewall/router.
2. Wire it up. I have Win98 <==> DI-804 <==> DSL modem <==> Verizon.
3. The DI-804 has an HTTP interface. Talk to it at 192.168.0.1.
4. Select "Advanced Settings". It will put up an authentication dialog.
5. Enter admin/your-password.
Actual Results:
Username/password are rejected, and dialog is presented again.
Expected Results:
Advanced features page appears.
I turned off HTTP 1.1 and Keep-alive -- made no difference.
I traced the socket traffic for the two browsers - they are included
below. I can't see a lot of difference EXCEPT for that mysterious 8
(that's ASCII 8) that MOZ sent. (It's doing this with all HTTP
requests -- this is no HTTP that I've ever heard of, but may be some
new protocol?)
================= MOZILLA 1.1 traffic =====================
---------------------- recv ------------------------
HTTP/1.0 401 Unauthorized
Server: Router/1.2
Content-Type: text/html
Pragma: no-cache
Expires: 0
WWW-Authenticate: Basic Realm="Login as admin"
<html>
<head>
<title></title>
</head>
<body>
<h1>HTTP/1.0 401 Unauthorized </h1>
</body>
</html>
---------------------- send ------------------------
8
---------------------- recv ------------------------
---------------------- send ------------------------
GET /adv_dhcp.htm HTTP/1.0
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.1) Gecko/20020826
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1
Accept-Language: en-us, en;q=0.50
Accept-Encoding: gzip, deflate, compress;q=0.9
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Connection: close
Referer: http://192.168.0.1/
Authorization: Basic YWRtaW46c2xrZjEy
---------------------- recv ------------------------
HTTP/1.0 401 Unauthorized
Server: Router/1.2
Content-Type: text/html
Pragma: no-cache
Expires: 0
WWW-Authenticate: Basic Realm="Login as admin"
[ ... etc. ]
============= NETSCAPE 4.79 traffic =======================
---------------------- recv ------------------------
HTTP/1.0 401 Unauthorized
Server: Router/1.2
Content-Type: text/html
Pragma: no-cache
Expires: 0
WWW-Authenticate: Basic Realm="Login as admin"
<html>
<head>
<title></title>
</head>
<body>
<h1>HTTP/1.0 401 Unauthorized </h1>
</body>
</html>
---------------------- send ------------------------
GET /adv_dhcp.htm HTTP/1.0
Referer: http://192.168.0.1/
Connection: Keep-Alive
User-Agent: Mozilla/4.79 [en]C-CCK-MCD NSCPCD47 (Win98; U)
Host: 192.168.0.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
Authorization: Basic YWRtaW46c2xrZjEy
---------------------- recv ------------------------
HTTP/1.0 200 OK
Server: Router/1.2
Content-Type: text/html
Pragma: no-cache
Last Modified: Fri, 16 July 2001 01:01:01 GMT
<HTML><HEAD><TITLE>Advanced Settings - DHCP Server Settings</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="javascript">
function isNaN1(s)
[ ... etc. ]
|
||
Comment 1•23 years ago
|
||
as you can see, mozilla sends the password :
Authorization: Basic YWRtaW46c2xrZjEy
*** This bug has been marked as a duplicate of 143658 ***
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Component: Security: General → Networking: HTTP
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•