Next Previous Contents

16.4   MS DUN Password String 'gotcha'

From Jason Trowbridge, Thu Aug 26 16:51:03 1999

According to Microsoft's official dial-up scripting documentation, $PASSWORD is a string. In strings, the following character sequences have special meaning:

^char   :  If char is between '@' and '_', the character sequence is
                translated into a single-byte value between 0 and 31.  
                For example, ^M is converted into a carriage return.
<cr>    :  Carriage return.
<lf> :  Line feed.
\"      :  Double quote.
\^      :  Single caret.
\<   :  Single '<'
\\      :  Backslash

Apparently, Microsoft's dial-up networking does not escape the user name and password fields. If a user's password (or username) contains any of the above sequences, it will be translated as described above... which will result in sending the wrong password.

There's no real way that we can address this. The dial-up scripting language is too primative and contains no real way to manipulate strings. I don't think I can write a special TCC program to ask for username/password, and start dial-up networking with the quoted strings.

I'm betting that NT probably does not allow backslashes, greater/less thans, or carets in passwords, so this may not be a problem with Microsoft-based ISP's.

For now, just make sure that people aren't using the above character sequences in their passwords. There's not too much more we can do about it.

 _  () ()      Jason Trowbridge | "Wolfman! And it wants cleats! Run!"
( '  .~.  TCC System Programmer |     -Buster Wilde, Werewolf
 \  = o =   Undergraduate CS/EE | 
---"`-`-'"---+   ratman@nmt.edu | 

On Thu, 26 Aug 1999, K. Scott Rowe wrote:

Date: 26-Aug-1999 15:46:55
Description: windows DUN doesnt accept ^ in passwds
Priority: 5
Keywords: pcsoft misc

if a user has a ^ in their passwd, the modems give Access Denied when trying to login. The modems themselves do not have a problem with a ^ in the passwd because one can telnet to the modem just fine. I have tried several passwds and here are my results

^+$xakT         failes
a+$xakT         works
^xyzzy          failes
+xyzzy          works
$xyzzy          works

We need to find out if there is a way to allow DUN to forward the passwd correctly to the modem.


Next Previous Contents