Better bad password prompt?

Kevin Cernekee cernekee at gmail.com
Sun Feb 16 11:35:34 EST 2014


On Sun, Feb 16, 2014 at 7:32 AM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On 02/16/2014 10:25 AM, Steve wrote:
>> With the AnyConnect iOS client, entering a wrong password when connecting leads to
>> "unexpected error" after a long time (5-8s) rather than reprompting for user
>> credential input.
>
> What is the expected error to be sent from anyconnect servers when a
> wrong password is sent?

On ocserv I see a "503 Service Unavailable" response and the client gives up.

On nearly all ASAs I see a "200 OK" HTTP response and a "Login failed"
message.  Like a login form on a website.

(Although there was one recent post regarding a server that returned
"204 No Content" in non-xmlpost mode; still don't know what was going
on there.)

POST https://asa/
> POST / HTTP/1.1
> Host: asa
> User-Agent: Open AnyConnect VPN Agent v5.03-177-gff2c518
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: linux-64
> X-Pad: 000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 412
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="auth-reply"><version who="vpn">v5.03-177-gff2c518</version><device-id>linux-64</device-id><opaque is-for="sg">
> <tunnel-group>default</tunnel-group>
> <group-alias>d</group-alias>
> <config-hash>1392005870113</config-hash>
> </opaque><auth><username>baduser</username><password>badpass</password></auth><group-select>d</group-select></config-auth>
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 16 Feb 2014 16:27:39 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <config-auth client="vpn" type="auth-request">
< <version who="sg">8.4(4)5</version>
< <opaque is-for="sg">
< <tunnel-group>default</tunnel-group>
< <group-alias>d</group-alias>
< <config-hash>1392005870113</config-hash>
< </opaque>
< <auth id="main">
< <title>Login</title>
< <message>Please enter your username and password.</message>
< <error id="15" param1="" param2="">Login failed.</error>
< <form>
< <input type="text" name="username" label="Username:"></input>
< <input type="password" name="password" label="Password:"></input>
< <select name="group_list" label="GROUP:">
< <option>alt</option>
< <option selected="true">d</option>
< </select>
< </form>
< </auth>
< </config-auth>
Login failed.
Please enter your username and password.
Username:
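
An added example (not part of the original post, and not OpenConnect's own code): a Python sketch of how a client could tell apart the two server behaviours described above, treating a 200 response whose auth-request carries an <error> element as a reprompt and any other status as a hard failure. The function names and the returned dict shape are hypothetical; the sample body is a trimmed, constructed copy of the ASA reply in the capture.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the ASA auth-request body from the capture.
ASA_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="auth-request">
<auth id="main">
<message>Please enter your username and password.</message>
<error id="15" param1="" param2="">Login failed.</error>
<form>
<input type="text" name="username" label="Username:"></input>
<input type="password" name="password" label="Password:"></input>
</form>
</auth>
</config-auth>"""


def _result(action, reason=None, fields=()):
    # Hypothetical return shape used only by this example.
    return {"action": action, "reason": reason, "fields": list(fields)}


def classify_auth_response(status, body):
    """Decide what the client should do after submitting credentials."""
    if status != 200:
        # e.g. the 503 from ocserv or the 204 mentioned above: no form to show again
        return _result("fail", f"HTTP {status}")
    if b"<!DOCTYPE" in body:
        # The server reply is untrusted input; refuse DTDs instead of expanding entities.
        return _result("fail", "unexpected DTD")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return _result("fail", f"bad XML: {exc}")
    auth = root.find("auth")
    if root.tag != "config-auth" or auth is None:
        return _result("fail", "no <auth> element")
    if root.get("type") != "auth-request":
        return _result("other", root.get("type"))
    fields = [i.get("name") for i in auth.iter("input")]
    err = auth.find("error")
    if err is None:
        return _result("prompt", None, fields)
    # A 200 carrying <error> is the "login form with a message" case: ask again.
    return _result("reprompt", (err.text or "").strip(), fields)


if __name__ == "__main__":
    print(classify_auth_response(200, ASA_BODY))
    print(classify_auth_response(503, b""))
```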


