Authorization fails on D-LINK DI-804 firewall/router

VERIFIED DUPLICATE of bug 143658

Status

()

VERIFIED DUPLICATE of bug 143658
16 years ago
16 years ago

People

(Reporter: pmayes, Assigned: security-bugs)

Tracking

Trunk
x86
Windows 98
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

16 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.1) Gecko/20020826
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.1) Gecko/20020826

The D-LINK DI-804 firewall/router uses WWW-Authenticate to control access.
Authorisation fails with Mozilla 1.1, but works with NS 4.79.


Reproducible: Always

Steps to Reproduce:
1. Get a D-LINK DI-804 firewall/router.
2. Wire it up.  I have Win98 <==> DI-804 <==> DSL modem <==> Verizon.
3. The DI-804 has an HTTP interface.  Talk to it at 192.168.0.1.
4. Select "Advanced Settings".  It will put up an authentication dialog.
5. Enter admin/your-password.

Actual Results:  
Username/password are rejected, and dialog is presented again.


Expected Results:  
Advanced features page appears.


I turned off HTTP 1.1 and Keep-alive -- made no difference.
I traced the socket traffic for the two browsers - they are included
below.  I can't see a lot of difference EXCEPT for that mysterious 8
(that's ASCII 8) that MOZ sent.  (It's doing this with all HTTP
requests -- this is no HTTP that I've ever heard of, but may be some
new protocol?)

================= MOZILLA 1.1 traffic =====================
---------------------- recv ------------------------
HTTP/1.0 401 Unauthorized
Server: Router/1.2
Content-Type: text/html
Pragma: no-cache
Expires: 0
WWW-Authenticate: Basic Realm="Login as admin"

<html>

<head>
<title></title>
</head>

<body>
<h1>HTTP/1.0 401 Unauthorized </h1>
</body>
</html>

---------------------- send ------------------------
8
---------------------- recv ------------------------

---------------------- send ------------------------
GET /adv_dhcp.htm HTTP/1.0
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.1) Gecko/20020826
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,text/css,*/*;q=0.1
Accept-Language: en-us, en;q=0.50
Accept-Encoding: gzip, deflate, compress;q=0.9
Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66
Connection: close
Referer: http://192.168.0.1/
Authorization: Basic YWRtaW46c2xrZjEy


---------------------- recv ------------------------
HTTP/1.0 401 Unauthorized
Server: Router/1.2
Content-Type: text/html
Pragma: no-cache
Expires: 0
WWW-Authenticate: Basic Realm="Login as admin"

[ ... etc. ]

============= NETSCAPE 4.79 traffic =======================
---------------------- recv ------------------------
HTTP/1.0 401 Unauthorized
Server: Router/1.2
Content-Type: text/html
Pragma: no-cache
Expires: 0
WWW-Authenticate: Basic Realm="Login as admin"

<html>

<head>
<title></title>
</head>

<body>
<h1>HTTP/1.0 401 Unauthorized </h1>
</body>
</html>
---------------------- send ------------------------
GET /adv_dhcp.htm HTTP/1.0
Referer: http://192.168.0.1/
Connection: Keep-Alive
User-Agent: Mozilla/4.79 [en]C-CCK-MCD NSCPCD47  (Win98; U)
Host: 192.168.0.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
Authorization: Basic YWRtaW46c2xrZjEy


---------------------- recv ------------------------
HTTP/1.0 200 OK
Server: Router/1.2
Content-Type: text/html
Pragma: no-cache
Last Modified: Fri, 16 July 2001 01:01:01 GMT

<HTML><HEAD><TITLE>Advanced Settings - DHCP Server Settings</TITLE>
<META http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="javascript">
function isNaN1(s)

[ ... etc. ]
as you can see, mozilla sends the password :
Authorization: Basic YWRtaW46c2xrZjEy

*** This bug has been marked as a duplicate of 143658 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 16 years ago
Component: Security: General → Networking: HTTP
Resolution: --- → DUPLICATE

Comment 2

16 years ago
Verified dupe.
Status: RESOLVED → VERIFIED
QA Contact: bsharma → junruh
You need to log in before you can comment on or make changes to this bug.