Modify

#439 closed defect (fixed)

SOAP-based authentication broken

Reported by: dissent@… Owned by: wilmer
Priority: major Milestone: 1.2.2
Component: MSN Version: 1.2.1
Keywords: Cc:
IRC client+version: Client-independent Operating System: Linux
OS version/distro:

Description

A few days ago one of my two MSN accounts was unable to login on Bitlbee, and repeatedly got the following error message:

> account on 4
<root> msn(accountname@hotmail.co.uk) - Logging in: Connecting
<root> msn(accountname@hotmail.co.uk) - Logging in: Connected to server, waiting for reply
<root> msn(accountname@hotmail.co.uk) - Logging in: Transferring to other server
<root> msn(accountname@hotmail.co.uk) - Logging in: Connected to server, waiting for reply
<root> msn(accountname@hotmail.co.uk) - Couldn't log in: Error reported by MSN server: Authentication failed
<root> msn(accountname@hotmail.co.uk) - Logging in: Signing off..

My other account logged in successfully with bitlbee, and the problematic account could login successfully using the M$ client or gaim.

I tried out various things, including creating new accounts, and discovered that any account I created with the same password received this error, but that changing the password would allow any of the accounts to work again. I've changed my password now, so have no problem sharing the bugged one, it's Jdshntm3. To reproduce, create a new MSN account with this password. https://accountservices.passport.net/reg.srf

I'm using the Debian modified version of 1.2.1.

Attachments (0)

Change History (21)

comment:1 Changed at 2008-07-28T05:16:31Z by Chascon

I can vouch for this problem too on OS X, running the 1.2.1 release. This release was working for me just yesterday, and it's been on the fritz since. I've seen this sort of behaviour before and I've had to delete the account and create it again. I don't know if the account preferences get corrupted, or what.

My OSCAR (AIM) account is also acting up, although I doubt it is related.

Chascon

comment:2 Changed at 2008-07-28T06:24:38Z by Chascon

Rather than doing an account del on my msn IM account, I did an "account set <account id>/<password> <passsword>". Then, logging into my msn account, still fails. I'm beginning to think it's either MSN blocking my IP or a gateway problem.

Chascon

comment:3 Changed at 2008-07-28T07:30:03Z by Chascon

Can't be my IP being blocked, 'cause Adium connects to my msn IM service. I just may try to delete my MSN account on Bitlbee and then add it again and see what happens.

comment:4 Changed at 2008-07-28T11:28:42Z by anonymous

I had the same issue but after changing my password to [a-z]+ I was again able to sign in.

comment:5 Changed at 2008-07-28T11:50:37Z by irxc

I also had this very issue, after I changed the msn-passwd to [a-z] it's working once again.

comment:6 Changed at 2008-07-28T11:57:52Z by Wilmer van der Gaast <wilmer@…>

I also had this very issue, after I changed the msn-passwd to [a-z] it's
working once again.


That's pretty ridiculous. :-( Has anyone tried an older BitlBee version
yet? Something like 1.0.4, for example. In 1.2 I switched to a new
authentication mechanism, maybe I shouldn't have done that.

comment:7 in reply to:  6 Changed at 2008-07-28T12:22:57Z by irxc

Replying to Wilmer van der Gaast <wilmer@gaast.net>:

That's pretty ridiculous. :-( Has anyone tried an older BitlBee version
yet? Something like 1.0.4, for example. In 1.2 I switched to a new
authentication mechanism, maybe I shouldn't have done that.

I just made a succesful connection using v0.92 (that's the only other version apart from 1.2 that I've got access to) using a password containing [0-9a-zA-Z]. The same password is a no-go using v1.2

comment:8 Changed at 2008-07-28T12:25:30Z by wilmer

Milestone: 1.2.2
Priority: normalmajor
Summary: specific password causes authentication failure on MSNSOAP-based authentication broken

comment:9 Changed at 2008-07-28T12:25:50Z by wilmer

(Thanks for checking that out.)

comment:10 Changed at 2008-07-28T12:41:37Z by adam

Same issue for me today. The fix sorted it - removing numbers from my password (so it became [a-z]+) lets me log on

comment:11 Changed at 2008-07-28T18:34:03Z by yastupin

Same issue and fix there. Had the same problem few days ago for a few hours, and since tonight ~1h UTC+2 til now.

Tested versions:

  • 1.2.1: fails
  • 1.2: fails
  • 1.1.1dev: success

Wanted to search the commit but unfortunately the bzr server doesnt respond.

comment:12 Changed at 2008-07-28T18:53:40Z by wilmer

What makes this even more interesting is that the failure comes from the notification server, not from the authentication server. When you give the wrong password on purpose, the error is slightly different:

:rootroot@localhost.localdomain PRIVMSG &bitlbee :msn - Couldn't log in: Error during Passport authentication: wsse:FailedAuthentication (Authentication Failure)

So the authentication seems okay, just that the MSN Messenger server somehow doesn't accept the token.

comment:13 Changed at 2008-07-29T02:29:18Z by Chascon

It's not just numbers, but symbols that also seem to be throwing things off.

comment:14 Changed at 2008-07-30T00:19:33Z by wilmer

http://forums.miranda-im.org/showpost.php?s=154c97590b56528d31e7bd20fd2a3bdb&p=162186&postcount=70

Looks like it's not just BitlBee that is broken. Reverting to the non-SOAP authentication should fix this. I'm trying to avoid this since that code is horribly messy, but may do it anyway if no other solution comes up any time soon. The Miranda dev still blames the MS servers and thinks things will restore themselves, I'm not so optimistic about it.

comment:15 Changed at 2008-07-30T06:29:44Z by yastupin

The error is now "Couldn't log in: Error during Passport authentication: wsse:FailedAuthentication (Authentication Failure)", which make more sense.

comment:16 Changed at 2008-07-30T15:37:13Z by linuturk@…

I can confirm this is an issue on Ubuntu 8.04

Changing the password to all lower case something is the work around I used.

comment:17 Changed at 2008-07-30T20:08:15Z by acidflash

I think all know it by now. But i can confirm too that lower case and numbers is working just fine. Did change my password just for connect.

comment:18 Changed at 2008-07-31T22:13:02Z by wilmer

Resolution: fixed
Status: newclosed

changeset:devel,411

Rolled back to the old mechanism. The only alternative seems to be "upgrading" to MSNP15 or something like that, which I'll leave up to someone who actually knows people on the MSN Messenger network. :-)

comment:19 Changed at 2009-09-05T14:01:42Z by samuel_k@…

How do u change a password?

comment:20 Changed at 2009-09-24T19:32:32Z by aenslad.mackenzie@…

I ran into a similar problem earlier this week that may or may not be related -- I had set my display name to have non-latin characters (it was in Japanese), and I was completely unable to login. It kept saying "Unknown authentication type". I eventually logged into Meebo, changed my display name, and tried again, and everything worked.

comment:22 Changed at 2009-11-20T17:38:11Z by wilmer

aenslad, that's a different known bug: #536. I know what's going on there and it looks to me like a bug in the MSN servers. Working around it is possible but it breaks other functionality. :-(

I want to see what's going on here and find a proper fix, also.

I'm blocking further posts to this bug now since the spammers seem to have discovered it. I fear the day those fuckers learn and start spamming random bugs instead of the same one all the time.

If you can let me know the exact name that triggered this bug (just post it in the other bug) that'd be great BTW.

Modify Ticket

Action
as closed The owner will remain wilmer.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.