Summary | IMP is marked as authenticated |
Queue | IMP |
Queue Version | 6.2.22 |
Type | Bug |
State | Resolved |
Priority | 1. Low |
Owners | |
Requester | william (at) joye (dot) tuxeo (dot) net |
Created | 02/28/2023 (869 days ago) |
Due | |
Updated | 10/18/2023 (637 days ago) |
Assigned | |
Resolved | 10/18/2023 (637 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
State ⇒ Resolved
to re-enable the blowfish ciphers.
further developed anyway?
https://github.com/maintaina-com
https://www.ralf-lang.de/category/it/horde-it/
$session->set('imp', self::PASSWORD_KEY . '/' . $this->_id,
$this->_password, $session->ENCRYPT);
seems to do the trick.
I also had to change my Authentication in Horde config back from MYSQL
to "let a horde application handle authentication" (imp). Afterwards
my Login magically worked again.
Will there be a php >8 compatibility at any time soon? Will horde be
further developed anyway? There is no alternative to horde really out
there. Keep going please!
plain text format.
If your session is saved as a file (e.g. /tmp, etc.), pay attention to
its security (esp. on a shared platform).
I tried to clone the Horde Webmail 5.2.22 from AlmaLinux 8 with a manually
installed PHP 7.4 environment (working fine) to AlmaLinux 9 with a manually
installed PHP 7.4 environment.
Then, inside AlmaLinux 9, I encountered the same error - "IMP is
marked as authenticated, but no credentials can be found in the
session." inside IMP.
After a day of study, it seems
$_SESSION[imp][imap_ob_pass/xxxxxxxxxxxxxxxxxxx] -> becomes nothing
If I manually modified the file - imp/lib/Imap/Password.php
inside "public function serialize()" , changed
from
$session->set('imp', self::PASSWORD_KEY . '/' . $this->_id,
$this->_password, $session::ENCRYPT);
to
$session->set('imp', self::PASSWORD_KEY . '/' . $this->_id,
$this->_password, 0 );
It seems to be working again.
(Note: the password is stored in PHP session in plain text format.)
ref.: https://bugs.horde.org/ticket/12432
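A way to test the session-encryption dependency directly rather than switching encryption off, as an added example (not code from Horde or from anyone in this ticket). It assumes, as the thread suggests but does not confirm, that the credential is lost because the Blowfish cipher is unavailable to PHP's OpenSSL on the new OS; probe_cipher() is a hypothetical helper name.

```php
<?php
// Added diagnostic, not Horde code. A cipher name can be known to PHP and
// still fail at encrypt time, so this performs a real round trip instead of
// trusting openssl_get_cipher_methods() alone.

function probe_cipher(string $method): array
{
    $listed = in_array($method, openssl_get_cipher_methods(), true);

    $ivLen = @openssl_cipher_iv_length($method);
    if ($ivLen === false) {
        return ['method' => $method, 'listed' => $listed, 'usable' => false,
                'detail' => 'cipher name not recognised'];
    }

    $key   = random_bytes(32);                      // throwaway test key
    $iv    = $ivLen > 0 ? random_bytes($ivLen) : '';
    $plain = 'constructed-test-value';              // constructed sample, not a real secret

    while (openssl_error_string() !== false) {
        // drain stale entries from the OpenSSL error queue
    }

    $ct = @openssl_encrypt($plain, $method, $key, OPENSSL_RAW_DATA, $iv);
    $pt = $ct === false
        ? false
        : @openssl_decrypt($ct, $method, $key, OPENSSL_RAW_DATA, $iv);

    $usable = ($pt === $plain);
    $detail = $usable
        ? 'round trip ok'
        : (openssl_error_string() ?: 'encrypt/decrypt failed');

    return ['method' => $method, 'listed' => $listed,
            'usable' => $usable, 'detail' => $detail];
}

// bf-ecb and bf-cbc are OpenSSL's Blowfish modes; aes-256-cbc is a control
// that should work on any current OpenSSL build.
foreach (['bf-ecb', 'bf-cbc', 'aes-256-cbc'] as $method) {
    $r = probe_cipher($method);
    printf("%-12s listed=%s usable=%s (%s)\n", $r['method'],
        $r['listed'] ? 'yes' : 'no', $r['usable'] ? 'yes' : 'no', $r['detail']);
}
```

Run it under the same PHP that serves Horde (through the web server, not only the CLI), since the two can use different configuration.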
(in application context 'horde') shows:
(in application context 'horde') shows:
New Attachment: Horde_ System Capabilities Test.html
The content of /var/lib/php/sessions looks like:
$ ls /var/lib/php/sessions/ -lah
drwx-wx-wt 2 root root 2,5M Mär 14 08:48 .
drwxr-xr-x 4 root root 4,0K Jun 21 2017 ..
-rw------- 1 www-data www-data 236 Mär 14 08:25
sess_04av5qqheb4j95os47fesiqip7
-rw------- 1 www-data www-data 0 Mär 14 08:48
sess_288hofrih2pl0kbk30r8u1rd8m
-rw------- 1 www-data www-data 357 Mär 14 08:17
sess_43nhc5d0jfjg1do8rj58cgbe2h
-rw------- 1 www-data www-data 453 Mär 14 08:39
sess_4ia99o4ltst0n034sqjq0iail6
-rw------- 1 www-data www-data 2,7K Mär 14 08:40
sess_75hiofhhej441g3evn62878qdi
-rw------- 1 www-data www-data 0 Mär 14 08:46
sess_7hdt5q0ke9qbgmhv7cv2l6rcu8
-rw------- 1 www-data www-data 357 Mär 14 08:37
sess_7o6vu6fbakggmdbev5859ajpuc
-rw------- 1 www-data www-data 169 Mär 14 08:47
sess_7pkd6eh92uon1lr09c3hrjko24
-rw------- 1 www-data www-data 0 Mär 14 08:24
sess_89vsf4ov1c95ir9p28tdgu08qt
-rw------- 1 www-data www-data 1,4K Mär 14 08:47
sess_9klu878rdf4681lnfa8lotjqtd
-rw------- 1 www-data www-data 2,7K Mär 14 08:20
sess_a12srao17jldc81dpoi9tvlbnt
-rw------- 1 www-data www-data 453 Mär 14 08:29
sess_a4qvrsbiu9l2cpfqu43p4a17gj
-rw------- 1 www-data www-data 236 Mär 14 08:15
sess_adneo4ugs76p19mli1mq13fudm
-rw------- 1 www-data www-data 236 Mär 14 08:35
sess_dgj8m3i76rjbbqlvotgtvpmsab
-rw------- 1 www-data www-data 357 Mär 14 08:27
sess_gbd4aqj7g2m328sjqs89sedorf
-rw------- 1 www-data www-data 357 Mär 14 08:15
sess_gt69vfehatoqog41qpfgcenftl
-rw------- 1 www-data www-data 2,7K Mär 14 08:30
sess_jvp1cukrp0hls9nforbnj963rl
-rw------- 1 www-data www-data 242 Mär 14 08:45
sess_k5kb4dtbd322j8rhrqc5qedfpm
-rw------- 1 www-data www-data 242 Mär 14 08:47
sess_kkg3uilfr37cl87bhs30sp61js
-rw------- 1 www-data www-data 1,4K Mär 14 08:47
sess_mj7b75ch1io2ivk9mo0jr6qcaf
-rw------- 1 www-data www-data 236 Mär 14 08:17
sess_pb90o7j73ve99ll8q0980e59fb
-rw------- 1 www-data www-data 0 Mär 14 08:30
sess_q2s1ilndtb6sddllatjsknamlg
-rw------- 1 www-data www-data 236 Mär 14 08:27
sess_rvg8th58kk0h1lpr4v9ofqdep7
-rw------- 1 www-data www-data 357 Mär 14 08:47
sess_t9tjl5gsab8uj7376vmrjjcfds
-rw------- 1 www-data www-data 236 Mär 14 08:37
sess_trboupsqr1j5cgf2fmf0irp90o
-rw------- 1 www-data www-data 453 Mär 14 08:19
sess_uh8rbu7a2lcclm8d40pm7i6kcn
-rw------- 1 www-data www-data 9,9K Mär 14 08:48
sess_ujp535lbnt2tv476m9oh1kr4pe
chance to look into this?
This is currently a blocker and I see other people having the same
issue, e.g.:
https://marc.info/?l=imp&m=167248248904917&w=2
or
https://marc.info/?l=imp&m=165317259618622&w=2
Horde is set up to log in via IMP; login is successful (over SASL
against Shadow using PLAIN+TLS).
All Horde applications except IMP are working. IMP shows:
"IMP is marked as authenticated, but no credentials can be found in
the session."
Clicking on "Administration" -> "Sessions" shows: Listing sessions failed:
Also
# horde-active-sessions
And horde.log shows:
2023-03-10T06:39:59+00:00 WARN: HORDE [horde] PHP ERROR:
session_start(): Failed to read session data: user (path:
/var/lib/php/sessions) [pid 335520 on line 139 of
"/usr/share/php/Horde/Core/Factory/SessionHandler.php"]
2023-03-10T06:39:59+00:00 WARN: HORDE [horde] PHP ERROR:
session_decode(): Session is not active. You cannot decode session
data [pid 335520 on line 143 of
"/usr/share/php/Horde/Core/Factory/SessionHandler.php"]
2023-03-10T06:39:59+00:00 WARN: HORDE [horde] PHP ERROR:
session_destroy(): Trying to destroy uninitialized session [pid 335520
on line 151 of "/usr/share/php/Horde/Core/Factory/SessionHandler.php"]
Seems there is something wrong with the session handling. I tried all
various options in Configuration -> Administration -> Horde -> Session
Handler. Right now I am using the default PHP Handler.
I assume this has something to do with the session encryption (and I
saw you already released a Blowfish patch recently, yet that didn't
solve my issue).
Below details on my installation:
Ubuntu 22.04 LTS
Horde Groupware Webmail Edition Horde Groupware Webmail Edition 5.2.22
Address Book Address Book (turba) 4.2.29
Bookmarks Bookmarks (trean) 1.1.10
Calendar Calendar (kronolith) 4.2.29
File Manager File Manager (gollem) 3.0.13
Filters Filters (ingo) 3.2.16
Horde Horde (horde) 5.2.23
Mail Mail (imp) 6.2.27
Notes Notes (mnemo) 4.2.14
Tasks Tasks (nag) 4.2.19
timeobjects 2.1.4
Wiki Wiki (wicked) 2.0.8
As this is currently a blocker, could you please raise the priority on
this issue?
We had to upgrade to a higher OS due to Ubuntu 18 LTS becoming EOL in April.
Thanks
Marcel
New Attachment: Horde Fatal Error.htm
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ IMP is marked as authenticated
Type ⇒ Bug
Priority ⇒ 1. Low
On a new version of Ubuntu (22.04.1) with a version of PHP 7.4.33, I
installed Horde 5.2.23 / Imp 6.2.27, keeping the same version as the
previous server (Ubuntu 20.04 + PHP 7.4). I encounter the following
error:
"IMP is marked as authenticated, but no credentials can be found in
the session." (see Attachment)
The other modules seem to work well (turba, kronolith, ingo, nag,...)
Could you help me?
Best regards,
William Joye