
I am connecting to an FTPS Server with credentials like:

myusername
86FAT!Q@12..

I can connect to the FTPS Server just fine with these credentials. I was developing a small application with Java to connect to this FTPS Server and I wanted to test the following code:

final boolean login = ftpsClient.login(username, "86FAT!Q@12..");
if (!login) {
    LOGGER.error("Login failed. Is the password for username: " + username + " wrong?");
}

and I wanted to make sure that LOGGER was working fine, so I created a test with a wrong password. I simply changed the last character from '.' to '!', so I tried logging in with:

86FAT!Q@12.!

But login was successful? Then I tried: (note the first character)

76FAT!Q@12..

and login was not successful, which is what I already expected.

So I tried Cyberduck, and the wrong password worked with Cyberduck as well. I know, you are tempted to say maybe the password ending with '!' is not wrong after all. But it is, I am sure, as I was the one who created the user on the server. And the weird thing is, this will work too:

86FAT!Q@12.@

and login is again successful.

Is there a rule that I do not know about FTPS credentials? Like check only the first 5 characters, ignore the last character in the password, etc.? Is this about FTPS Server configuration?

Koray Tugay
  • It's the server. Maybe a password length issue? – Sami Kuhmonen Nov 28 '16 at 07:29
  • @SamiKuhmonen How / where do I configure it? OS level or the FTP Server software? Server is running Debian. – Koray Tugay Nov 28 '16 at 07:32
  • No, there are no dark magic rules. There may be something OS- or FTP-specific that causes the behavior you are facing. But that's not a programming question. Please ask elsewhere. Maybe [su]. – Martin Prikryl Nov 28 '16 at 08:02
  • @KorayTugay: there are several FTP servers on Debian and sometimes they use their own virtual accounts and sometimes system accounts and it also might depend on the actual version of OS and server etc. If you don't find anything about password length restrictions in your specific setup you might ask at serverfault.com but don't forget to include the default information about your setup I've mentioned. – Steffen Ullrich Nov 28 '16 at 08:06
  • Many Unix FTP servers use the `crypt(3)` function for password hashing, and this would lead (in many cases) to [only the first 8 characters being used](http://stackoverflow.com/questions/2179649/are-passwords-on-modern-unix-linux-systems-still-limited-to-8-characters). Perhaps this is what you are encountering? – Castaglia Dec 19 '16 at 21:49
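Added example, not part of the original thread: assuming the cause is the one suggested in the last comment (traditional DES `crypt(3)`, which reads only the first 8 password characters), this sketch flags passwd/shadow-style entries that still store such hashes and shows why the passwords from the question behave as they do. The sample entries, hash strings and function names are constructed for illustration.

```python
import re

# Traditional DES crypt(3) hash: 2 salt chars + 11 hash chars, no "$" prefix.
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")
DES_MAX = 8  # traditional DES crypt reads only the first 8 password characters

# Modular-crypt prefixes of schemes that do not truncate at 8 characters.
PREFIXES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
            "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
            "$y$": "yescrypt"}

def scheme(hash_field):
    """Classify the hash field of a passwd/shadow-style entry."""
    h = hash_field.lstrip("!")  # a leading "!" marks a locked account
    if h in ("", "*", "x"):
        return "none"
    for prefix, name in PREFIXES.items():
        if h.startswith(prefix):
            return name
    return "des" if DES_HASH.match(h) else "unknown"

def audit(lines):
    """Return the usernames whose stored hash is traditional DES crypt."""
    flagged = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2 and scheme(fields[1]) == "des":
            flagged.append(fields[0])
    return flagged

def equivalent_under_des(a, b):
    """True if 8-character DES crypt cannot tell two ASCII passwords apart."""
    return a[:DES_MAX] == b[:DES_MAX]

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = [
    "# user:hash:remaining fields",
    "myusername:abCONSTRUCTED:1001:1001::/srv/ftp:/bin/false",
    "otheruser:$6$constructedsalt$constructedhash:1002:1002::/srv/ftp:/bin/false",
    "lockeduser:!:1003:1003::/srv/ftp:/bin/false",
]

if __name__ == "__main__":
    print("DES crypt entries:", audit(SAMPLE))
    for candidate in ("86FAT!Q@12.!", "86FAT!Q@12.@", "76FAT!Q@12.."):
        print(candidate, equivalent_under_des("86FAT!Q@12..", candidate))
```

Entries flagged this way need the password to be set again after the server or PAM configuration has been switched to a non-truncating scheme, because an existing hash cannot be converted.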

0 Answers