Closed
Bug 439463
Opened 16 years ago
Closed 14 years ago
Firefox ask user and password on every CONNECT to an NTLM authenticated proxy
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: unaiur, Unassigned)
References
()
Details
(Whiteboard: [CLOSEME 2011-1-30])
Attachments
(1 file)
(deleted),
application/x-extension-pcap
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9) Gecko/2008060309 Firefox/3.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9) Gecko/2008060309 Firefox/3.0
When Firefox calls twice the CONNECT method on an NTLM authenticated proxy, it doesn't renegotiates a new challenge and replays the first CONNECT authentication. It's interpreted as a replay attack by the proxy and returns 407 error.
Reproducible: Always
Steps to Reproduce:
1. Configure an NTLM proxy (squid, for example)
2. Type the URL https://aplitic.xtec.cat/pls/e13_pav
Actual Results:
The proxy password is asked twice
Expected Results:
The proxy password shouldn't be asked again
Reporter | ||
Comment 1•16 years ago
|
||
The second connection issues the directly an NTLM_AUTH command reusing the challenge in the first connection. This isn't allowed, it should issued an NTLM_NEGOTIATE command like the first connection.
Reporter | ||
Comment 2•16 years ago
|
||
It's reproducible in FF 2.0.12
Comment 3•16 years ago
|
||
maybe related to bug 230190 and 339804 ?
Comment 4•16 years ago
|
||
Seems to be the same as bug 445514
Comment 5•16 years ago
|
||
Not blocking until this is confirmed; looks like it might be a dupe as per comment 4
Flags: blocking-firefox3.1?
Comment 6•16 years ago
|
||
this seems identical to bug 366562 to me. visiting the https://aplitic.xtec.cat/pls/e13_pav through our ntlm auth squid proxy presents the login prompt
Comment 7•16 years ago
|
||
Unable to reproduce this after update from 3.0.7 to 3.0.8
Can anyone confirm?
Comment 8•16 years ago
|
||
Sometimes I don't get this happening for days, then get a run of them! I clicked the URL listed at the top of this bug in FF 3.0.8 and still got the login prompt
Comment 9•16 years ago
|
||
Looks like my 439463 is a dupe of this.
I can confirme the url in this bug triggers the bad NTLM auth sequence for me.
Comment 10•16 years ago
|
||
Excuse me I meant 486508 is a dupe of this.
Comment 11•15 years ago
|
||
Isn't this issue a duplicate of bug 318253 ?
Comment 12•14 years ago
|
||
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode? If not, please close. These links can help you in your testing.
http://support.mozilla.com/kb/Safe+Mode
http://support.mozilla.com/kb/Managing+profiles
You can also try to reproduce in Firefox 4 Beta 8 or later, there are many improvements in the new version, http://www.mozilla.com/en-US/firefox/all-beta.html
Whiteboard: [CLOSEME 2011-1-30]
Comment 13•14 years ago
|
||
No reply, INCOMPLETE. Please retest with Firefox 3.6.13 or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). If you continue to see this issue with the newest firefox and a new profile, then please comment on this bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•