Re: [Evolution] asterisks and percent signs in passwords

From: Patrick O'Callaghan <poc usb ve>
To: Jason Anderson <nk0qfru02 sneakemail com>
Cc: evolution-list gnome org
Subject: Re: [Evolution] asterisks and percent signs in passwords
Date: Fri, 14 Dec 2007 09:58:06 +0000

Jason Anderson wrote:

My password contains a percent sign and an asterisk.  Both of these symbols seem to cause login errors with IMAP and 
PLAIN authentication.  Some sniffing reveals a simple password "ab" is sent like so:

   C00001 LOGIN jasona ab
   C00001 NO Login failed.

A percent sign causes the password to be sent differently, and the server either doesn't respond or says "Error in 
IMAP command received by server".

   C00002 LOGIN jasona {2+}
   a%

An asterisk seems to cause the same sending format, but it also causes the server to close the connection.

   A00002 LOGIN jasona {2+}
   a*

This is Evolution 2.10.3 on F7 talking to Courier on NetBSD (I think).

Is this a problem with my mailserver?  My quick browsing of some RFCs didn't show the {2+} syntax to be valid.


Section 4.3 of RFC 3501 (http://www.faqs.org/rfcs/rfc3501.html) says:

  A literal is a sequence of zero or more octets (including CR and
  LF), prefix-quoted with an octet count in the form of an open
  brace ("{"), the number of octets, close brace ("}"), and CRLF.

It doesn't say anything about the '+' though. In fact the formal syntaxdoesn't seem to allow it so I don't know what's going on here.

I have non-alphanumerics in my own password (using a Cyrus server) withno problems.

poc

References:
- [Evolution] asterisks and percent signs in passwords
  - From: Jason Anderson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]