From 2bf5cc0e41a4aeef857e0bb683400ed91c53bd8d Mon Sep 17 00:00:00 2001 From: Dmitry Podgorny Date: Tue, 1 Oct 2019 23:38:50 +0300 Subject: [PATCH] auth: disable PLAIN when other mechanisms are supported PLAIN mechanism sends password in BASE64 encoding which everyone can read. As result, debug logs expose password and users often don't remove it when post the logs in the Internet. Usually, both a secure mechanism and PLAIN are used in the scenario when username or password is incorrect. PLAIN fails in this scenario anyway. --- ChangeLog | 1 + src/auth.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6616bb4..a76b3cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ 0.9.3 + - PLAIN mechanism is used only when no other mechanisms are supported - Legacy authentication is disabled by default, can be enabled with connection flag XMPP_CONN_FLAG_LEGACY_AUTH - Session is not established if it is optional diff --git a/src/auth.c b/src/auth.c index a23504e..8152b40 100644 --- a/src/auth.c +++ b/src/auth.c @@ -259,6 +259,10 @@ static int _handle_features(xmpp_conn_t * const conn, } } + /* Disable PLAIN when other secure mechanisms are supported */ + if (conn->sasl_support & ~(SASL_MASK_PLAIN | SASL_MASK_ANONYMOUS)) + conn->sasl_support &= ~SASL_MASK_PLAIN; + _auth(conn); return 0;