Base64-encoded Auth login strings are not compatible with vaultwarden

Question

Base64-encoded Auth login strings are not compatible with vaultwarden

dungmuht opened this issue a year ago · 2 comments

When decoding "VXNlciBOYW1lAA==" -> "User Name�"
When decoding "UGFzc3dvcmQA" -> "Password�"

Vaultwarden does not recognize the "�" symbol and returns an error.
If you don't need the "�" symbol in your source code, you can probably replace the encoded string with something else.
ex)

"Username:" -> "VXNlcm5hbWU6"
"Password:" -> "UGFzc3dvcmQ6"

Thanks for a great project.

Answer 1 · 2023-06-21T07:42:26.000Z

Hi, this looks like a bug in Vaultwarden. Stalwart SMTP uses the same AUTH LOGIN base64 challenges as in the SASL LOGIN draft, please see https://datatracker.ietf.org/doc/html/draft-murchison-sasl-login-00

Answer 2 · 2023-06-21T07:46:02.000Z

However, on the other hand the draft does say "Username:" encoded in base64 and those challenges are for "Username\0". Do you know what AUTH LOGIN base64 challenges are used by Postfix, Courier or Dovecot?