Closed Bug 453342 Opened 17 years ago Closed 17 years ago

basic authorization header sent incorrectly if it contains non-US-ASCII characters

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 41489

People

(Reporter: ghiloni, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15 Apologies if this has been filed before, I cannot find something related. When responding to an HTTP 401 via the Basic Authorization dialog, if the username or password contains UTF-8 (or other, non-ASCII) characters, the Base64 encoding algorithm encodes the header incorrectly. For example, the auth header 你好世界:password should be encoded as 5L2g5aW95LiW55WMOnBhc3N3b3Jk but instead is encoded as YH0WTDpwYXNzd29yZA== I had a similar bug in my encoding algorithm -- it was caused by not UTF-8 encoding the string before base64 encoding it. Hope that helps resolve it. This happens on 2.0.0.15 and 3.0.1 Reproducible: Always Steps to Reproduce: 1. Find a site that has a user that uses non-ASCII characters (unfortunately, I cannot share mine as it is part of my corporate network and not internet-facing) 2. Attempt to log in using that user Actual Results: EVen though the user is valid, you should receive another 401. Expected Results: You should receive a 200.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.