Hello,
There is a bug in the 1.1 version of the SquirrelMail plugin Login: Auto. If you have a username or password greater than 32 characters, MD5Encrypt will not encrypt it correctly so that MD5Decrypt can retrieve it.
It happens on line 232 in the file functions.php:
$val.=substr($cryptkey,$j,1).(substr($txt,$i,1)^substr($cryptkey,($j==$keylen)?$j*=0:$j++,1));
If $j is equal to the size of $keylen, then this code adds a blank to $val ($cryptkey[$j]) and then XORs the character from $txt with $cryptkey[0].
The result is that the next 64 bytes of $val are not correct, and after that the algorithm becomes correct again for another 64 bytes.
The solution to this is to set $j to 0 before this line:
if ($j == $keylen) $j = 0;
$val.=substr($cryptkey,$j,1).(substr($txt,$i,1)^substr($cryptkey,$j++,1));
I have attached a diff that should fix the problem.
Simple patch
Logged In: YES
user_id=1404402
Here's a testcase that highlights this bug (run in the login_auto directory)
<?php
include ('functions.php');
$plaintext = "A really long password a user might enter and then have it be corrupted";
print($plaintext . "\n");
$var = base64_encode(MD5Encrypt($plaintext, "testkey"));
print (MD5Decrypt(base64_decode($var), "testkey") . "\n");
?>
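
A stand-alone reproduction of the indexing fault described in the report, added here as an example and not taken from the plugin's functions.php. Only the two index expressions come from the report; the function names, the loop around them, the pair-reading decoder and the sample key and input are assumptions.

```php
<?php
// Added illustration, not the plugin's functions.php. Only the two index
// expressions come from the report; names, loop and decoder are assumptions.
function interleave_encode(string $txt, string $cryptkey, bool $asReported): string
{
    $keylen = strlen($cryptkey);
    $val = '';
    $j = 0;
    for ($i = 0; $i < strlen($txt); $i++) {
        if ($asReported) {
            // Line 232 as quoted: the first substr() reads $cryptkey at
            // $j == $keylen before the ternary resets $j.
            $val .= substr($cryptkey, $j, 1) . (substr($txt, $i, 1) ^ substr($cryptkey, ($j == $keylen) ? $j *= 0 : $j++, 1));
        } else {
            // Proposed fix: wrap $j before either substr() uses it.
            if ($j == $keylen) $j = 0;
            $val .= substr($cryptkey, $j, 1) . (substr($txt, $i, 1) ^ substr($cryptkey, $j++, 1));
        }
    }
    return $val;
}

// Hypothetical decoder: consumes (key byte, masked byte) pairs.
function interleave_decode(string $val): string
{
    $txt = '';
    for ($i = 0; $i + 1 < strlen($val); $i += 2) {
        $txt .= $val[$i + 1] ^ $val[$i];
    }
    return $txt;
}

// Returns the shortest input length that fails to round-trip, or null.
function first_failing_length(string $cryptkey, bool $asReported, int $max): ?int
{
    $alphabet = str_repeat('abcdefghijklmnopqrstuvwxyz0123456789', 4); // constructed input
    for ($n = 1; $n <= $max; $n++) {
        $txt = substr($alphabet, 0, $n);
        if (interleave_decode(interleave_encode($txt, $cryptkey, $asReported)) !== $txt) {
            return $n;
        }
    }
    return null;
}

$cryptkey = md5('testkey'); // constructed key: 32 hex characters
foreach (['line 232 as reported' => true, 'with the proposed fix' => false] as $label => $mode) {
    $n = first_failing_length($cryptkey, $mode, 100);
    echo $label, ': ', $n === null ? 'all lengths up to 100 round-trip' : "first failure at length $n", "\n";
}
```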