[Exim] possible AUTH LOGIN bug

Página superior
Este mensaje es parte del siguiente hilo:
MEl árbol completo de hilos, ordenados por fecha
M 
Philip Hazel, mensaje del ->
Eliminar este mensaje
Responder a este mensaje
Autor: John Jetmore
Fecha:  
A: exim-users
Asunto: [Exim] possible AUTH LOGIN bug
I've been testing various combination of good/bad/empty passwords and
usernames for all the auth types, and I found what looks to be a bug in
LOGIN. I have the following authenticator:

auth_login:
driver = plaintext
public_name = LOGIN
server_prompts = Username:: : Password::
server_condition = ${if eq{${lookup{$1}dbmnz{GRULESD/auth.db}}}{$2}}{yes}{no}
server_set_id = $1

When I try to authenticate with a null username, $1 gets set to the
password. observe:

-> AUTH LOGIN
<- 334 VXNlcm5hbWU6
->
<- 334 UGFzc3dvcmQ6
-> dGVzdHBhc3M=
*** 535 Incorrect authentication data
=== No authentication type succeeded

The following entry gets put in the log file for this attempt:

2003-03-17 16:19:23 perl_auth_login authenticator failed for (HOST) [IP]: 535 Incorrect authentication data (set_id=testpass)

notice I'm logging $1 and the password shows up in the logfile. I have no
need for null usernames in real life, but I thought I'd report this.

--John



Este mensaje se envió a las siguientes listas de correo:
Exim-users
Información de la lista de correo | Mensajes cercanos		<-Re: [Exim] Reaction to rude 554 greetingRe: [Exim] Virtual domain setup redux->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)