Open
Bug 286099
Opened 19 years ago
Updated 2 years ago
ntlm sends wrong/different password
Categories
(Core :: Networking: HTTP, defect, P5)
Tracking
()
NEW
People
(Reporter: sec, Unassigned)
Details
(Whiteboard: [ntlm][necko-would-take])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 When accessing an NTLM-auth webpage, and firefox is configured to automatically send the password via "network.automatic-ntlm-auth.trusted-uris" it always sends the logged in users password. This is different from IE. If you connect to a hostname for which windows already has a password (e.g. because it has a samba share), IE does send that password instead of the users password. Reproducible: Always Steps to Reproduce: 1. have local samba server called "dummy". 2. set local users password to "local", samba password to "remote" 3. acces the fileshare \\dummy, enter "remote" and check "[x] Remember this password" 4. with IE, access http://dummy/ntlmpage.html - watch it work without password 5. in Firefoxset network.automatic-ntlm-auth.trusted-uris="dummy" and access http://dummy/ntlmpage.html Actual Results: Firefox tries automatic logon with the password "local" which fails, and then pops up the password dialog. Expected Results: Firefox should have used the password "remote" for auto login. I suspect, the above problem extends to the username used, too. I haven't tested that.
Assignee: bugs → darin
Component: OS Integration → Networking: HTTP
Product: Firefox → Core
QA Contact: os-integration → networking.http
Version: unspecified → 1.7 Branch
|
||
Comment 1•19 years ago
|
||
This is an automated message, with ID "auto-resolve01". This bug has had no comments for a long time. Statistically, we have found that bug reports that have not been confirmed by a second user after three months are highly unlikely to be the source of a fix to the code. While your input is very important to us, our resources are limited and so we are asking for your help in focussing our efforts. If you can still reproduce this problem in the latest version of the product (see below for how to obtain a copy) or, for feature requests, if it's not present in the latest version and you still believe we should implement it, please visit the URL of this bug (given at the top of this mail) and add a comment to that effect, giving more reproduction information if you have it. If it is not a problem any longer, you need take no action. If this bug is not changed in any way in the next two weeks, it will be automatically resolved. Thank you for your help in this matter. The latest beta releases can be obtained from: Firefox: http://www.mozilla.org/projects/firefox/ Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html Seamonkey: http://www.mozilla.org/projects/seamonkey/
|
||
Comment 2•19 years ago
|
||
Interesting bug. Firefox is just using Microsoft's SSPI library. I'm surprised that it selects different login credentials than what IE selects. Bah, that is very unfortunate :-( I don't think anything has changed since this bug has filed that could have fixed the problem. Confirming, but no chance that this will be fixed for Firefox 1.5 :-(
Status: UNCONFIRMED → NEW
Ever confirmed: true
Target Milestone: --- → mozilla1.9alpha
Version: 1.7 Branch → Trunk
|
||
Comment 3•19 years ago
|
||
(In reply to comment #2) > Confirming, but no chance that this will be fixed for Firefox 1.5 :-( That's unfortunate, as I believe this is an inherent problem in the entire NTLM system that was broken in Firefox 1.5, which renders Firefox unusable. Check out these messages: http://groups.google.com/group/netscape.public.beta.feedback/browse_thread/thread/5ad05ca323dc79cf/ec5bdee2d6443a71?q=proxy&rnum=6#ec5bdee2d6443a71 http://groups.google.com/group/netscape.public.beta.feedback/browse_thread/thread/ef255f6338db159e/638c889914d85872?q=proxy&rnum=35#638c889914d85872 http://groups.google.com/group/netscape.public.beta.feedback/browse_thread/thread/569e69113120b0cf/f1bf1cec95917ef8?q=proxy&rnum=4#f1bf1cec95917ef8 It's not uncommon to have a proxy server, or something that pretends to be a proxy server such as Microsoft's IAS, require different credentials to what the user logs into their workstation with. Try to understand users frustration when they now receive an annoying popup box asking them for the exact same information for every item on a web page, particularly when most web pages these days contain a hundred or so items, and the default setting is "cancel" so one can't simply hold down the enter key until they all go away - not really an acceptable workaround but certainly better than having to reach for the mouse and point it to the right button 100 times a page.
|
|
||
Updated•18 years ago
|
Priority: -- → P3
|
|
||
Updated•18 years ago
|
Assignee: darin → nobody
Target Milestone: mozilla1.9alpha → ---
|
||
Comment 4•16 years ago
|
||
Matthew writes "I'm not sure if 2.0.0.14 is still affected by this bug - I've changed employers ... no longer in that environment to re-test." Sec, do you still see this problem?
|
||
Updated•8 years ago
|
Whiteboard: [ntlm][necko-would-take]
|
||
Comment 5•7 years ago
|
||
Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: P3 → P5
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•