auth-plain numeric password fails
Andreas Winkelmann
ml at awinkelmann.de
Fri Sep 23 04:27:18 EDT 2005
Am Friday 23 September 2005 09:27 schrieb Artur:
> I'm new subscriber of this list. I think I've noticed something
> interesting but I.m not sure if it is new for you. I also don't know if it
> is local problem on my machine/installation or global problem. OK, so now
> what I have found interesting. When authorizing using cyrus-sasl with
> postfix (maybe other MTA too) authorization fails with method auth-plain
> but works ok with auth-login when password begin with digit. I've tested
> passwords like '123' and '1aaaa2'. I generated passwords with commands:
> for auth login:
> printf 'test'|mimencode
> printf '123'|mimencode
> for auth plain:
> printf 'test\0test\0123'|mimencode
$ printf "test\0test\0123"|hex
0000 74 65 73 74 00 74 65 73 74 0a 33 test.tes t.3
$ printf "test\0test\000123"|hex
0000 74 65 73 74 00 74 65 73 74 00 31 32 33 test.tes t.123
> I think that it can be a problem with encoding also. Anyway,
> authentication fails with auth plain when after \0 is digit.
Best to test something like that with a real MUA.
--
Andreas
More information about the Cyrus-sasl
mailing list