[Tickets #13274] Re: Sporadic IMAP login errors
noreply at bugs.horde.org
noreply at bugs.horde.org
Wed Jun 25 10:09:32 UTC 2014
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/13274
------------------------------------------------------------------------------
Ticket | 13274
Updated By | Thomas Jarosch <thomas.jarosch at intra2net.com>
Summary | Sporadic IMAP login errors
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Unconfirmed
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
Thomas Jarosch <thomas.jarosch at intra2net.com> (2014-06-25 10:09) wrote:
Ok, I found out how to trigger the specific "No password provided" backtrace:
Just corrupt the Horde_Secret encrypted password in the session file :D
As I kept the PHP session file when the bug occurred the second time,
I was able to decrypt the stored IMAP password successfully
using the session ID as key. This basically means
the encrypted password was intact.
So either Horde_Secret somehow delivered a wrong secret key
for the decryption or the encryption engine (Horde_Crypt_Blowfish)
itself had problems. Even when I revert the recent Horde_Secret fixes
and try to trigger the specific buggy cookie behavior, all is fine.
Strangely though this was not a one time "page load" issue: The broken session
stayed broken, even when I entered different horde URLs into the browser
while keeping the same session ID.
Since I have debug verification code in Horde_Pack already,
I'll now do the same for Horde_Secret: Verify decryption on
Horde_Secret::write().
More information about the bugs
mailing list