View Issue Details

ID: 0005485
Project: SOGo
Category: Web Mail
View Status: public
Last Update: 2022-03-08 21:44
Reporter: MAGIC
Assigned To: francis
Priority: normal
Severity: minor
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Linux
OS: Debian
OS Version: bullseye
Product Version: 5.5.0
Fixed in Version: 5.6.0
Summary: 0005485: If password >135chars, login fails
Description

Hello,

We got the following issue in our bug tracker, but this seems to be rather a SOGo issue, I suppose.

Login fails if password length is more than 135 characters.

Steps To Reproduce

Create a new mailbox with a password of more than 135 characters. Try to log in to SOGo. Login fails. Change the password to 135 or fewer characters. Login to SOGo will succeed.

Additional Information

https://github.com/mailcow/mailcow-dockerized/issues/4485

Tags: No tags attached.

Activities

francis

2022-03-01 14:45

administrator   ~0015924

Is your users source of type SQL or LDAP?

MAGIC

2022-03-02 17:26

reporter   ~0015926

We use MySQL as db

francis

2022-03-04 14:45

administrator   ~0015930

Share your DB schema.

MAGIC

2022-03-06 15:19

reporter   ~0015931

Last edited: 2022-03-07 20:40

We use the following schema for the mailbox table.

CREATE TABLE `mailbox` (
  `username` varchar(255) NOT NULL,
  `password` varchar(255) NOT NULL,
  `name` varchar(255) DEFAULT NULL,
  `quota` bigint(20) NOT NULL DEFAULT 102400,
  `local_part` varchar(255) NOT NULL,
  `domain` varchar(255) NOT NULL,
  `kind` varchar(100) NOT NULL DEFAULT '',
  `multiple_bookings` int(11) NOT NULL DEFAULT -1,
  `created` datetime NOT NULL DEFAULT current_timestamp(),
  `modified` datetime DEFAULT NULL ON UPDATE current_timestamp(),
  `active` tinyint(1) NOT NULL DEFAULT 1,
  `attributes` longtext CHARACTER SET utf8mb4 COLLATE utf8mb4_bin DEFAULT NULL CHECK (json_valid(`attributes`)),
  `mailbox_path_prefix` varchar(150) DEFAULT '/var/vmail/',
  `description` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`username`),
  KEY `domain` (`domain`),
  KEY `kind` (`kind`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ROW_FORMAT=DYNAMIC

password is hashed with BLF-CRYPT

francis

2022-03-08 21:44

administrator   ~0015941

You'll need to drop your session table (OCSSessionsFolderURL) and restart sogod.

Related Changesets

sogo: master a965f276

2022-03-08 21:28

francis


fix(web): support passwords up to 2048 characters

Fixes 0005485
Affected Issues: 0005485
mod - Documentation/SOGoInstallationGuide.asciidoc
mod - SOPE/GDLContentStore/GCSSpecialQueries.m
mod - SoObjects/SOGo/SOGoSession.m
mod - SoObjects/SOGo/SOGoWebAuthenticator.m

Issue History

Date Modified Username Field Change
2022-02-22 17:31 MAGIC New Issue
2022-03-01 14:45 francis Note Added: 0015924
2022-03-02 17:26 MAGIC Note Added: 0015926
2022-03-04 14:45 francis Note Added: 0015930
2022-03-06 15:19 MAGIC Note Added: 0015931
2022-03-07 20:40 francis Note Edited: 0015931
2022-03-08 21:34 francis Changeset attached => sogo master a965f276
2022-03-08 21:34 francis Assigned To => francis
2022-03-08 21:34 francis Resolution open => fixed
2022-03-08 21:44 francis Status new => resolved
2022-03-08 21:44 francis Fixed in Version => 5.6.0
2022-03-08 21:44 francis Note Added: 0015941