Closed Bug 196928 Opened 23 years ago Closed 22 years ago

SMTP PLAIN auth broken, submits long string of chars rather than a cleartext pass

Categories

(MailNews Core :: Networking: SMTP, defect)

Product:
MailNews Core
Component:
Networking: SMTP
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: jsnell, Assigned: mscott)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3b) Gecko/20030210 When PLAIN is the only auth mech available, mozilla responds with something like: AUTH PLAIN (long string of characters which resembles an md5 sum) Using sendmail 8.12.8 with cyrus sasl. The string of characters changes each time even with the same passowrd. Reproducible: Always Steps to Reproduce: 1. Set up sendmail (or others?) so that plain auth is the only mech available 2. Attempt to send outgoing mail through it 3. Actual Results: Server rejected the auth because it didn't get a valid pass Expected Results: sent: AUTH PLAIN <my password in cleartext> to the smtp server
I suspect the problem is what you describe as strings like AUTH PLAIN ADg5MjQ3MzEAdGVzdA== are correct. Your passwort is never transmitted as real cleartext but base64 coded, even in PLAIN mode. But this string shouldn't change each time ... How are you sure, the "long string of characters" resembles to an md5 sum?
I have the same problem, I cannot send e-mails when plain authentication is needed. I have Mozilla 1.4 RC1 and Windows 2000. With Netscape 4.79 it works (with the same configuration, user and password), so I took a look at the protocol in both cases: << Mozilla 1.4 RC1(FAILED): ==== 220 ESMTP service ready on EHLO terra.es 250-tsmtp8.mail.isp 250-PIPELINING 250-ETRN 250-DSN 250-SIZE 26214400 250-AUTH PLAIN LOGIN 250 AUTH=LOGIN AUTH PLAIN AHhta...xlbGluZS5lcwB4bWkxNzE= 501 Invalid Login AUTH LOGIN eG1pcm9n...bGVsaW5lLmVz 334 UGF...cmQ6 eG1...cx 501 Invalid Login AUTH PLAIN AHhta...xlbGluZS5lcwB4bWkxNzE= ... (etc.) Netscape 4.79(SUCCESSFUL): ===== 220 ESMTP service ready on EHLO terra.es 250-tsmtp10.mail.isp 250-PIPELINING 250-ETRN 250-DSN 250-SIZE 250-AUTH PLAIN LOGIN 250 AUTH=LOGIN AUTH PLAIN AHhta.....xlbGluZS5lcwBtcnR2bnMyOQ== 235 Authentication successful >> The AUTH PLAIN string is almost equal, but differs after the sequence "...S5lcwB". It seems the problem is the generation of the AUTH string. I hope this helps to diagnose the error.
Sorry, I think I have not used the same password in my test (see the last message), so I can't say Mozilla 1.4 RC1 actually have this error. I will try to be more thorough the next time before adding comments to a bug. Sorry again. (BTW: In my last message I have written the plain text strings of my test, but the account passwords have been changed before and after the tests, in order to keep them secret).
I'm not sure if this has been fixed in current versions or my debugging was flawed in the past. It seems to work fine now: T 192.168.1.58:4433 -> 192.168.10.180:25 [AP] AUTH PLAIN xxxxxxxxxxxxxxxx.. ## T 192.168.10.180:25 -> 192.168.1.58:4433 [AP] 235 ok, go ahead (#2.0.0).. I'm not sure if this should go to "fixed" or "worksforme" so i'll leave the status as unconfirmed for now.
We made a lot of changes in SMTP authentication since 1.3b, but IIRC nothing regarding the PLAIN mechanism. So I close this with WFM based on your comment.
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.