too many attempts to autologin with incorrect passwd locks out win2k account

VERIFIED FIXED

Status

MailNews Core
Networking: IMAP
VERIFIED FIXED
14 years ago
9 years ago

People

(Reporter: Marius Strumyla, Assigned: Bienvenu)

Tracking

Trunk
x86
Windows 2000

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030727 Mozilla Firebird/0.6.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5a) Gecko/20030727 Mozilla Firebird/0.6.1

when i startup Messenger, it tries to automatically connect and download new
messages. if the IMAP password stored by Password Manager is incorrect, the
Messenger locks out my win2k account. i get several messages that the login
failed but i cannot stop the messenger from trying to login.

i think the messenger should try logging in two or three times and then give up.
our network system is set up to allow three incorrect login attempts. i think
this is a standard number.

Reproducible: Always

Steps to Reproduce:
[u have to have an IMAP account]

1. make sure "Check for new messages at startup" is checked
2. when you launch the messenger, enter the password and check "Use Password
Manager to remember this password"
3. quit the messenger [and mozilla]
4. change your windows password.
5. start messenger and watch the messages about failed attempts to login appear
until it locks out your account.
Actual Results:  
the win2k account is locked out.

Expected Results:  
the messenger should give up after 3 attempts or should provide a way out of the
autologin.
Christian: 
Is this related to the other bug with password looping ?

Comment 2

14 years ago
Unfortunately there a lot more then "the other bug". Every one with a different
title.
IMHO it's the wrong system to assume a saved password can not be wrong and
therefore hasn't to be discarded.

To stop after the third fail is possible to implement. But it would be more easy
to stop at the first failing login. In which case could the first (and maybe the
second) try fail but the immediate following next try succeed?
IMHO it's nice to think of a three chances policy but needless in the real world.
But examples are welcome.
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Assignee)

Comment 3

14 years ago
The imap code tries three or four times, but each time it prompts the user for a
new password, and allows the user to cancel the login process. At least, that's
the way it's supposed to work.

Comment 4

14 years ago
Unfortunately I can't test IMAP and don't know the code right now.

I thought it works the same way as the SMTP&POP code and the reporters
description confirmed this assumption. But if you're right this bug could really
be quite different.

And you're position is also to never do automated successive tries, yes?
(Assignee)

Comment 5

14 years ago
we try auth login and then login, but if the auth login fails, we're silent
about it, i.e., we don't put up an error msg.
Status: NEW → ASSIGNED
(Assignee)

Comment 6

14 years ago
the fix for http://bugzilla.mozilla.org/show_bug.cgi?id=160425 caused this
problem (and many others, from what I hear). Personally, I think we should just
back that fix out and rethink it.

Comment 7

14 years ago
I support backing out the fix. And then look for the reason why timeouts caused
deletion of the passwords.
(Assignee)

Comment 8

14 years ago
Created attachment 128891 [details] [diff] [review]
proposed fix

this will fix the problem. I'll go re-open the other bug once this is checked
in.

Updated

14 years ago
Attachment #128891 - Flags: superreview+
(Assignee)

Comment 9

14 years ago
Created attachment 128895 [details] [diff] [review]
don't forget password if user presses stop

this patch makes it so we don't forget the imap password if the user presses
stop, and cleans up some other little things. We still need to try to fix other
causes of logon failing but this is a start.
(Assignee)

Comment 10

14 years ago
fixed
Status: ASSIGNED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED

Comment 11

14 years ago
*** Bug 214575 has been marked as a duplicate of this bug. ***

Comment 12

14 years ago
*** Bug 215849 has been marked as a duplicate of this bug. ***
(Reporter)

Comment 13

14 years ago
works as expected :) it doesn't try to autologin too many times but instead asks
for a new password.
Status: RESOLVED → VERIFIED

Comment 14

14 years ago
*** Bug 210990 has been marked as a duplicate of this bug. ***
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.