View Issue Details

IDProjectCategoryView StatusLast Update
0002893SOGoBackend Mailpublic2015-06-09 15:59
ReporterChristian Mack Assigned Toludovic  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
PlatformLinuxOSCentOSOS Version5.6
Product Version2.2.7 
Target Version2.3.1Fixed in Version2.3.1 
Summary0002893: When your password contains a '\' character, you can not login to IMAP server
Description

Since SOGo Version 2.2.7 you can not use any password containing a '\' character (== backslash).
You can login into the web interface, can use calendars and address books, but you can not connect to your IMAP account.
You always get an empty email account.
With empty I mean no Folders, no emails.

In sogo.log I see:
Aug 13 10:03:10 sogod [30191]: [ERROR] <0x0x2b319eaff5c8[NGImap4ConnectionManager]> IMAP4 login failed:
host=imap.uni-konstanz.de, user=testuser, pwd=yes
url=imaps://testuser@imap.uni-konstanz.de/
base=(null)
base-class=(null))
= <0x0x2b319f24eeb8[NGImap4Client]: login=testuser(pwd) socket=<NGActiveSSLSocket[0x0x2b319f24f1c8]: mode=rw address=<0x0x2b319f39c248[NGInternetSocketAddress]: host=sogo-server port=48403> connectedTo=<0x0x2b319f2
4f048[NGInternetSocketAddress]: host=imap.uni-konstanz.de port=993>>>

And in the cyrus log I get:
Aug 11 19:12:56 imap-server imaps[5299]: [ID 914338 local6.notice] badlogin: sogo-server.uni-konstanz.de [134.34.YYY.XXX] plaintext testuser SASL(-13): authentication failure: checkpass failed

Steps To Reproduce

1) Create user A with password "aaaaaaa"
2) Login into SOGo as user A
=> All OK, you can use email
3) logout
4) change password of user A to "aaa\aaaa"
5) Login again
=> You can not use email!!

Additional Information

SOGo Server: 2.2.7
IMAP server: cyrus 2.4

TagsNo tags attached.

Activities

lemeurt

lemeurt

2014-12-02 11:48

reporter   ~0007763

I've noticed a similar issue when the password contains an accentuated character such as "é" (eacute)

tanstaafl

tanstaafl

2014-12-02 15:02

reporter   ~0007764

Interesting.

We enforce strong passwords with a random password generator, and haven't noticed any issues, and I'd be surprised if someone in here doesn't have a password with a backslash in it...

So, is this just an issue with the web UI? MEaning, would we have the same problem with Thunderbird?

Christian Mack

Christian Mack

2014-12-03 03:45

developer   ~0007766

As this is only a problem when SOGo accesses IMAP, you don't have this with Thunderbird.
Thunderbird accesses IMAP on its own.

But ActiveSync does have this problem too.

ludovic

ludovic

2015-06-09 15:59

administrator   ~0008608

https://github.com/inverse-inc/sope/commit/b738adc8abea04c8b6e733e1fd26779f9e2c0fb1

Issue History

Date Modified Username Field Change
2014-08-13 04:40 Christian Mack New Issue
2014-12-02 11:48 lemeurt Note Added: 0007763
2014-12-02 15:02 tanstaafl Note Added: 0007764
2014-12-03 03:45 Christian Mack Note Added: 0007766
2015-05-21 14:28 ludovic Target Version => 2.3.1
2015-06-09 15:59 ludovic Note Added: 0008608
2015-06-09 15:59 ludovic Status new => resolved
2015-06-09 15:59 ludovic Fixed in Version => 2.3.1
2015-06-09 15:59 ludovic Resolution open => fixed
2015-06-09 15:59 ludovic Assigned To => ludovic