tracker issue : CF-4203664

Title:

cflogin authentication issue


Status/Resolution/Reason: To Track//PRNeedInfo

Reporter/Name(from Bugbase): rohit sharma / ()

Created: 12/06/2018

Components: Security, Authentication

Versions: 2016

Failure Type: Usability Issue

Found In Build/Fixed In Build: 5.1.4 (Build 0001) /

Priority/Frequency: Normal / All users will encounter

Locale/System: English / Win 2016

Vote Count: 5

Problem Description:
I have recently installed CF2018 (all available updates installed) on a Windows 2016 server. Users behind the login page on the app are getting "authentication failed" error messages.

Steps to Reproduce:
After some time of use, users receive an error message.

Actual Result:
"Error","ajp-nio-8018-exec-3","12/06/18","06:03:54","","'' Can not decode string ""BF93D94292E2FF6D_J7FlVInggrvvrHEUI5F1mXHbzVsPZnFE3xChv7mXJZg===="". The input string is not base64-encoded."
coldfusion.wddx.Base64Encoder$InvalidEncodedStringException: '' Can not decode string "BF93D94292E2FF6D_J7FlVInggrvvrHEUI5F1mXHbzVsPZnFE3xChv7mXJZg====".
	at coldfusion.wddx.Base64Encoder.decode(Base64Encoder.java:131)
	at coldfusion.security.SecurityManager.decodeBase64(SecurityManager.java:3493)
	at coldfusion.security.SecurityManager.parseAuthInfo(SecurityManager.java:3380)
	at coldfusion.tagext.security.AuthenticateTag.parseAuthUpdate(AuthenticateTag.java:397)
	at coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:358)
	

"Error","ajp-nio-8018-exec-3","12/06/18","06:03:54","CLIENT","Authentication has failed.Please check the logs for more details.s The specific sequence of files included or processed is: ..., line: 1 "
coldfusion.security.SecurityManager$AuthenticationFailedException: Authentication has failed.
	at coldfusion.security.SecurityManager.parseAuthInfo(SecurityManager.java:3429)
	at coldfusion.tagext.security.AuthenticateTag.parseAuthUpdate(AuthenticateTag.java:397)
	at coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:358)
	

Expected Result:

Any Workarounds:
Users have to delete cookies to be able to login again.

Attachments:

Comments:

Any update Adobe?
Comment by rohit s.
30088 | January 04, 2019 01:33:49 AM GMT
Hi Adobe, Can you please re-open original ticket CF-4203170? Also, decoding the Base64 auth info produces 4 lines of text. Example:
-----------
myUsername
myAppName
1544913669249
B21A210A127191FE
-----------
Question 1: What was the original value from which the last line (B21A210A127191FE) was derived?
Question 2: Can you please provide a CF code snippet showing how to derive B21A210A127191FE from the original value?
And, can this auth info format please be documented? Thanks!, -Aaron
Comment by Aaron N.
30111 | January 12, 2019 04:31:21 AM GMT
Hi Rohit, Possibly the error is due to CF attempting to parse cookies having a different auth info format. The auth info format seems undocumented, so I'm unsure. One workaround is the recommended `loginstorage="session"`. Could you try that? Thanks!, -Aaron
Comment by Aaron N.
30112 | January 12, 2019 04:34:53 AM GMT
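
A triage helper for the two auth value shapes discussed in this thread, as an added example (not Adobe's code and not from any commenter): it classifies a value as the four-line Base64 form described in the comments above or as the prefixed form quoted in the error logs, and lists why strict Base64 decoding rejects the latter. The function and label names and the `"\n"` line separator are assumptions, since the auth info format is undocumented.

```python
import base64
import binascii
import re

# Shape of the two failing values quoted on this page: 16 hex chars, "_", rest.
PREFIXED = re.compile(r"^([0-9A-F]{16})_(.+)$")

# Constructed sample: the four example lines from the comment above, joined
# with "\n" (separator is an assumption) and Base64-encoded.
FOUR_LINE = base64.b64encode(
    b"myUsername\nmyAppName\n1544913669249\nB21A210A127191FE"
).decode()

# The two values quoted in the error logs on this page.
FROM_LOGS = [
    "BF93D94292E2FF6D_J7FlVInggrvvrHEUI5F1mXHbzVsPZnFE3xChv7mXJZg====",
    "A5C34C0D8AFC55C2_rnKK4II/OqdT3mzoqko7EKUCkM27TVgMlF6F02y3opY====",
]


def classify_auth_value(value: str) -> dict:
    """Return kind 'four-line', 'prefixed' or 'unknown' plus decode problems."""
    body = value.rstrip("=")
    pad = len(value) - len(body)
    problems = []
    bad = sorted(set(re.sub(r"[A-Za-z0-9+/]", "", body)))
    if bad:
        problems.append("characters outside the Base64 alphabet: " + "".join(bad))
    if pad > 2:
        problems.append(f"{pad} '=' padding characters (Base64 allows at most 2)")
    if not problems:
        try:
            text = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError) as exc:
            problems.append(f"decode failed: {exc}")
        else:
            lines = text.splitlines()
            if len(lines) == 4:
                return {"kind": "four-line", "lines": lines, "problems": []}
            problems.append(f"decoded to {len(lines)} lines, expected 4")
    m = PREFIXED.match(value)
    if m:
        return {"kind": "prefixed", "prefix": m.group(1), "problems": problems}
    return {"kind": "unknown", "problems": problems}


if __name__ == "__main__":
    for v in [FOUR_LINE] + FROM_LOGS:
        r = classify_auth_value(v)
        print(r["kind"], r.get("lines") or r["problems"])
```

Both logged values come back as `prefixed` with two problems each: the `_` separator is outside the Base64 alphabet and the trailing `====` exceeds the two padding characters Base64 permits.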
Hi Rohit, Could you please share the code snippet with us, so that we can check if we can repro this intermittent issue? An isolated test case will help us debug this issue faster. Also, can you try Aaron/Pete's suggestion to check if that fixes your issue? Also, do share with us any setting that you have done wrt cookies in Application.cfc/Admin. Thanks, Kailash
Comment by Kailash B.
30190 | February 05, 2019 09:26:29 AM GMT
I have just witnessed this same behavior on my laptop I use for development. Recently installed CF2018 on a Mac. I have changed loginStorage to session to try to fix. I can get around the error by coding a CFLOGOUT into my script. From my security.log file:
"Error","http-nio-8500-exec-11","06/22/19","17:12:45","","Incompatible login information was specified."
"Error","http-nio-8500-exec-11","06/22/19","17:12:45","","'' Can not decode string ""A5C34C0D8AFC55C2_rnKK4II/OqdT3mzoqko7EKUCkM27TVgMlF6F02y3opY===="". The input string is not base64-encoded."
=================
<cflogin idletimeout="7200" usebasicauth = "false" cookiedomain="#Application.ThisDomainOnly#">
	<cfif IsDefined("cflogin") AND len(cflogin.name) GT 0 AND len(cflogin.password) GT 0 AND isValid("email",cflogin.name)>
		<cfobject name="acnt" component="functions">
		<cfset uLogin = acnt.acntByEmail(cflogin.name).qry>
		<cfif uLogin.recordcount GT 0 AND len(uLogin.pswd) GT 0 AND listFind(Application.enc.decryptString(uLogin.pswd),cflogin.password)>
			<cfloginuser name = "#uLogin.id#" password = "#cflogin.password#" roles = "mgr"/>
		</cfif>
	</cfif>
</cflogin>
Vote by Paul M.
30950 | June 22, 2019 09:43:45 PM GMT