Bug #35336 GetPassword() return wrong password (when format is encrypted)
Submitted: 17 Mar 2008 13:29 Modified: 16 May 2008 13:18
Reporter: Andrey Yusupov Email Updates:
Status: Closed Impact on me:
None 
Category:Connector / NET Severity:S2 (Serious)
Version:5.2.1, 5.1.5 OS:Windows
Assigned to: CPU Architecture:Any
Tags: EncodePassword, GetPassword

[17 Mar 2008 13:29] Andrey Yusupov
Description:
MySQLMembershipProvider:

GetPassword() return wrong password (when format is "encrypted"), because EncodePassword() return wrong string when format is "encrypted".

UnEncodePassword() return DecryptPassword(Convert.FromBase64String(password))) for format encrypted ("password"!!!!!).

EncodePassword() return Convert.ToBase64String(EncryptPassword(keyedBytes)), where
keyedBytes(!!!!!) is:

byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
byte[] keyBytes = Convert.FromBase64String(passwordKey);
byte[] keyedBytes = new byte[passwordBytes.Length + keyBytes.Length];
Array.Copy(keyBytes, keyedBytes, keyBytes.Length);
Array.Copy(passwordBytes, 0, keyedBytes, keyBytes.Length, passwordBytes.Length);

How to repeat:
1. Set for MySQLMembershipProvider: 
   passwordFormat="encrypted"
   enablePasswordRetrieval="true"
   requiresQuestionAndAnswer="false"
1. Create user, remember his password (example, "pass")
2. User.GetPassword()
3. Compare: "pass" != "??????????pass"

?????????? - other symbols

Suggested fix:
private string EncodePassword(string password, string passwordKey, MembershipPasswordFormat format)

// Why "keyedBytes"???
if (format == MembershipPasswordFormat.Encrypted)
{
  byte[] encryptedBytes = EncryptPassword(keyedBytes);
  return Convert.ToBase64String(encryptedBytes);
}

// may be "passwordBytes"?
if (format == MembershipPasswordFormat.Encrypted)
{
  byte[] encryptedBytes = EncryptPassword(passwordBytes);
  return Convert.ToBase64String(encryptedBytes);
}
[26 Mar 2008 17:21] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/44469
[26 Mar 2008 17:21] Reggie Burnett
Fixed in 5.2.2
[16 May 2008 13:18] MC Brown
A note has been added to the 5.2.2 changelog:

When using encrypted passwords, the GetPassword() function would return the wrong string.