[Pine-info] Trailing blanks on passwords

[Mike Porter]

Hi,

Pine version: 4.64, downloaded a few minutes ago.

Summary: bug, passwords with trailing blanks have the trailing
blanks removed before the username/password is encoded for
authenticate plain.

The account has a password of 'testme '.  I took the following ethereal
traces:

  OK <hostname> Mirapoint IMAP4 3.7.1-GA server ready
00000000 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS IDLE AUTH=PLAIN UNSELECT
00000000 OK Completed
00000001 AUTHENTICATE PLAIN
+ 
AG1pa2UxAHRlc3QgbWU=
00000001 NO Login incorrect
00000002 AUTHENTICATE PLAIN
+ 
AG1pa2UxAHRlc3RtZQ==
00000002 NO Login incorrect
00000003 AUTHENTICATE PLAIN
+

The first password is wrong, but I just wanted to see blanks:

[mike at crackerjack ~]$ ./64 AG1pa2UxAHRlc3QgbWU=
'mike1test me'
'0.109.105.107.101.49.0.116.101.115.116.32.109.101'

The second decodes as:

[mike at crackerjack ~]$ ./64 AG1pa2UxAHRlc3RtZQ==
'mike1testme'
'0.109.105.107.101.49.0.116.101.115.116.109.101'

You'll have to trust me that I did type 'testme ' for the password.

And finally:

telnet <hostname>
Trying <IP>
Connected to <hostname> (<IP>).
Escape character is '^]'.
* OK <hostname> Mirapoint IMAP4 3.7.1-GA server ready
f authenticate plain
+
AG1pa2UxAHRlc3RtZSA=
f OK User logged in

mike at crackerjack ~]$ ./64 AG1pa2UxAHRlc3RtZSA=
'mike1testme '
'0.109.105.107.101.49.0.116.101.115.116.109.101.32'


So, indeed the password is 'testme ', and the imap server does
accept it.

Thanks,

Mike

Mike Porter
Senior Systems Programmer
University of Delaware

-
Mike Porter
PGP Fingerprint: F4 AE E1 9F 67 F7 DA EA  2F D2 37 F3 99 ED D1 C2