FidoNet Echomail Archive
sync_programming

<<< Previous Index Next >>>

From: mark lewis
To: all
Date: 2019-06-13 21:44:20
Subject: possible CRYPT bug with no session password

i think we've stumbled upon a bug when interacting with binkd and no
session level password...

i have a connection with a node that sends this when my binkd connects out to them...

OPT CRAM-MD5-411eaac235d14fa531bd059150ddac9e CRYPT
[...]
VER BinkIT/2.17,JSBinkP/1.114,sbbs3.17c/Linux binkp/1.1

my binkd reports this...

rerror: Password mismatch


when they connect inbound, they are sending this...

OPT CRYPT
[...]
VER BinkIT/2.17,JSBinkP/1.114,sbbs3.17c/Linux binkp/1.1

my binkd reports this...

unexpected password digest from the remote


there is only a tic password set in echocfg... no other passwords are set
between the two systems...

i tried setting -nomd on their node line but since they are requesting
CRYPT, we cannot talk... binkd does not have, that i can find, an option to
turn off CRYPT per node... i'm aware that binkit.js is v2.25 and binkp.js
v1.118 and there has been some recent work done in this area of the code...

with the above versions, i'm thinking that we're missing something since we
seem to be setting CRYPT even when there is no session level password
defined... i don't know if having that node update to the latest binkp.js
and/or binkit.js will fix this particular problem with requesting CRYPT
when there is no session level password set, though...

)\/(ark

Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin'
it wrong...
... I am curious, Do all Microsoft programmers do drugs?
---
 * Origin:  (1:3634/12.73)
SEEN-BY: 1/120 18/0 103/705 123/0 25 50 150 153/7715 154/10 30 40 700 203/0
SEEN-BY: 221/0 6 227/201 400 229/426 240/5832 261/38 280/464 5003 340/800
SEEN-BY: 396/45 423/120 633/0 267 280 281 384 412 509 712/848 770/1 3634/0 12
SEEN-BY: 3634/50 119
@PATH: 3634/12 154/10 280/464 712/848 633/280 267


<<< Previous Index Next >>>