Closed
Bug 439463
Opened 16 years ago
Closed 13 years ago
Firefox ask user and password on every CONNECT to an NTLM authenticated proxy
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: unaiur, Unassigned)
References
()
Details
(Whiteboard: [CLOSEME 2011-1-30])
Attachments
(1 file)
|
4.07 KB,
application/x-extension-pcap
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9) Gecko/2008060309 Firefox/3.0 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9) Gecko/2008060309 Firefox/3.0 When Firefox calls twice the CONNECT method on an NTLM authenticated proxy, it doesn't renegotiates a new challenge and replays the first CONNECT authentication. It's interpreted as a replay attack by the proxy and returns 407 error. Reproducible: Always Steps to Reproduce: 1. Configure an NTLM proxy (squid, for example) 2. Type the URL https://aplitic.xtec.cat/pls/e13_pav Actual Results: The proxy password is asked twice Expected Results: The proxy password shouldn't be asked again
|
Reporter | |
Comment 1•16 years ago
|
||
The second connection issues the directly an NTLM_AUTH command reusing the challenge in the first connection. This isn't allowed, it should issued an NTLM_NEGOTIATE command like the first connection.
|
|
Reporter | |
Comment 2•16 years ago
|
||
It's reproducible in FF 2.0.12
|
||
Comment 3•16 years ago
|
||
maybe related to bug 230190 and 339804 ?
|
||
Comment 4•16 years ago
|
||
Seems to be the same as bug 445514
|
||
Comment 5•16 years ago
|
||
Not blocking until this is confirmed; looks like it might be a dupe as per comment 4
Flags: blocking-firefox3.1?
|
||
Comment 6•16 years ago
|
||
this seems identical to bug 366562 to me. visiting the https://aplitic.xtec.cat/pls/e13_pav through our ntlm auth squid proxy presents the login prompt
|
|
||
Comment 7•15 years ago
|
||
Unable to reproduce this after update from 3.0.7 to 3.0.8 Can anyone confirm?
|
|
||
Comment 8•15 years ago
|
||
Sometimes I don't get this happening for days, then get a run of them! I clicked the URL listed at the top of this bug in FF 3.0.8 and still got the login prompt
|
||
Comment 9•15 years ago
|
||
Looks like my 439463 is a dupe of this. I can confirme the url in this bug triggers the bad NTLM auth sequence for me.
|
|
||
Comment 10•15 years ago
|
||
Excuse me I meant 486508 is a dupe of this.
|
||
Comment 11•14 years ago
|
||
Isn't this issue a duplicate of bug 318253 ?
|
||
Comment 12•14 years ago
|
||
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode? If not, please close. These links can help you in your testing. http://support.mozilla.com/kb/Safe+Mode http://support.mozilla.com/kb/Managing+profiles You can also try to reproduce in Firefox 4 Beta 8 or later, there are many improvements in the new version, http://www.mozilla.com/en-US/firefox/all-beta.html
Whiteboard: [CLOSEME 2011-1-30]
|
|
||
Comment 13•13 years ago
|
||
No reply, INCOMPLETE. Please retest with Firefox 3.6.13 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•