Communicator 4.04 little bug

Kenobi (kenobi@PULHAS.ORG)
Sun, 07 Dec 1997 18:34:30 +0000


i was testing some stuff with Digest Authentication and notice this little
problem with Communicator 4.04 (Tested on Linux and NT). IE3.02 (the only
available around here) does not experience this problem.

Apparently Communicator does not suport Digest Auth but it still accepts
the challenge. After the user enter his username and password, Communicator
sends it to the server but obfuscated with Basic.

Now, if you set up a site protected with Digest, you would expect the
password not to travel plaintext (basic is plaintext) on the network, but
that is what happens.

the correct procedure would be to fail right there when he receives the
WWW-Authenticate: Digest header, like IE does.

Kenobi, JAPH BOFH Not-Eng
 -- I dunno, I dream in Perl, sometimes -- LWall