SMTP PLAIN auth broken, submits long string of chars rather than a cleartext pass

RESOLVED WORKSFORME

Status

MailNews Core
Networking: SMTP
15 years ago
9 years ago

People

(Reporter: jon snell, Assigned: Scott MacGregor)

Tracking

Trunk
x86
Windows 2000

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210

When PLAIN is the only auth mech available, mozilla responds with something like:
AUTH PLAIN (long string of characters which resembles an md5 sum)
Using sendmail 8.12.8 with cyrus sasl.
The string of characters changes each time even with the same password.

Reproducible: Always

Steps to Reproduce:
1. Set up sendmail (or others?)  so that plain auth is the only mech available
2. Attempt to send outgoing mail through it
3.

Actual Results:  
Server rejected the auth because it didn't get a valid pass

Expected Results:  
sent:
AUTH PLAIN <my password in cleartext>
to the smtp server

Comment 1

15 years ago
I suspect the problem is what you describe as strings like
AUTH PLAIN ADg5MjQ3MzEAdGVzdA==
are correct. Your password is never transmitted as real cleartext but base64
coded, even in PLAIN mode.

But this string shouldn't change each time ...
How are you sure the "long string of characters" resembles an md5 sum?

Comment 2

15 years ago
I have the same problem, I cannot send e-mails when plain authentication is
needed. I have Mozilla 1.4 RC1 and Windows 2000. With Netscape 4.79 it works
(with the same configuration, user and password), so I took a look at the
protocol in both cases:

<<

Mozilla 1.4 RC1(FAILED):
====

220 ESMTP service ready on 

EHLO terra.es

250-tsmtp8.mail.isp
250-PIPELINING
250-ETRN
250-DSN
250-SIZE 26214400
250-AUTH PLAIN LOGIN
250 AUTH=LOGIN

AUTH PLAIN AHhta...xlbGluZS5lcwB4bWkxNzE=

501 Invalid Login

AUTH LOGIN eG1pcm9n...bGVsaW5lLmVz

334 UGF...cmQ6

eG1...cx

501 Invalid Login

AUTH PLAIN AHhta...xlbGluZS5lcwB4bWkxNzE=

... (etc.)

Netscape 4.79(SUCCESSFUL):
=====

220 ESMTP service ready on 

EHLO terra.es

250-tsmtp10.mail.isp
250-PIPELINING
250-ETRN
250-DSN
250-SIZE
250-AUTH PLAIN LOGIN
250 AUTH=LOGIN

AUTH PLAIN AHhta.....xlbGluZS5lcwBtcnR2bnMyOQ==

235 Authentication successful

>>

The AUTH PLAIN string is almost equal, but differs after the sequence
"...S5lcwB". It seems the problem is the generation of the AUTH string. I hope
this helps to diagnose the error.
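
The encoding Comment 1 describes and the comparison made in Comment 2, as an added example that is not part of the original bug thread: per RFC 4616 the PLAIN response is base64 of authzid NUL authcid NUL password, so it decodes directly and is identical every time for the same username and password. The function names and the `user@example.test` credentials are constructed for illustration; the first token is the one quoted in Comment 1.

```python
import base64

FIELDS = ("authzid", "authcid", "password")


def decode_auth_plain(token):
    """Split a base64 PLAIN response into (authzid, authcid, password)."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"not valid base64: {exc}") from None
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError(f"expected 3 NUL-separated fields, got {len(parts)}")
    return tuple(p.decode("utf-8") for p in parts)


def encode_auth_plain(authcid, password, authzid=""):
    """Build the argument a client sends after 'AUTH PLAIN '."""
    message = "\0".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(message).decode("ascii")


def first_differing_field(token_a, token_b):
    """Name the first field in which two responses differ, or None."""
    pairs = zip(FIELDS, decode_auth_plain(token_a), decode_auth_plain(token_b))
    return next((name for name, a, b in pairs if a != b), None)


if __name__ == "__main__":
    # Token quoted in Comment 1 of this bug.
    print(decode_auth_plain("ADg5MjQ3MzEAdGVzdA=="))
    # Constructed credentials: same user, two different passwords.
    a = encode_auth_plain("user@example.test", "first-pass")
    b = encode_auth_plain("user@example.test", "second-pass")
    print(a, b, first_differing_field(a, b), sep="\n")
```

Two captures that share a base64 prefix and diverge near the end, as in Comment 2, decode to the same username with different passwords.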

Comment 3

15 years ago
Sorry, I think I have not used the same password in my test (see the last
message), so I can't say Mozilla 1.4 RC1 actually has this error. I will try to
be more thorough the next time before adding comments to a bug. Sorry again.

(BTW: In my last message I have written the plain text strings of my test, but
the account passwords have been changed before and after the tests, in order to
keep them secret).
(Reporter)

Comment 4

15 years ago
I'm not sure if this has been fixed in current versions or my debugging was
flawed in the past.  It seems to work fine now:

T 192.168.1.58:4433 -> 192.168.10.180:25 [AP]
  AUTH PLAIN xxxxxxxxxxxxxxxx..                         
##
T 192.168.10.180:25 -> 192.168.1.58:4433 [AP]
  235 ok, go ahead (#2.0.0)..                                           

I'm not sure if this should go to "fixed" or "worksforme" so I'll leave the
status as unconfirmed for now.
  

Comment 5

15 years ago
We made a lot of changes in SMTP authentication since 1.3b, but IIRC nothing
regarding the PLAIN mechanism.
So I close this with WFM based on your comment.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → WORKSFORME
Product: MailNews → Core
Product: Core → MailNews Core