search

thunderbird / thunderbird-android

K-9 Mail – Open Source Email App for Android
https://k9mail.app/
Apache License 2.0
9.47k stars 2.42k forks source link

Passwords are silently trimmed #7774

Closed sijanec closed 2 weeks ago

sijanec commented 2 weeks ago

Checklist

App version

6.802

Where did you get the app from?

F-Droid

Android version

13

Device model

N/A

Steps to reproduce

  1. Go to incoming server settings
  2. Set password to <five spaces on both sides>
  3. Click Next
  4. Observe the password sent to the IMAP server, it will have spaces from sides removed.

For easier observing of the sent password, you can set Security to None and inspect IMAP streams in Wireshark, see image attached (you will have to believe me that I inputted spaces in the password field, as I can't take a screenshot there).

wireshark screenshot

Expected behavior

K-9 mail should not trim spaces from start and end of passwords before sending them to the server.

Actual behavior

K-9 mail trims spaces from start and end of passwords before sending them to the server.

Logs

No response

cketti commented 2 weeks ago

We trim entered text because many software keyboards automatically add a trailing space when auto-completing text. We should probably disable this for password fields.

Using a space at the beginning or end of a password is very likely to run into issues like this. My recommendation would be to avoid this.

sijanec commented 2 weeks ago

Okay, not a bug then, sorry for bothering you.

cketti commented 2 weeks ago

We had an internal discussion about this and decided to keep the current behavior for now. If this turns out to be a problem for more than a handful of users, we'll re-evaluate.