[GH-ISSUE #821] Spaces in passwords are not handled correctly when adding servers #489

Closed
opened 2026-02-25 21:35:09 +03:00 by kerem · 8 comments

Originally created by @ivanov17 on GitHub (Nov 4, 2023).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/821

Originally assigned to: @Shadow243 on GitHub.

🐛 Bugreport

When I try to add a new IMAP or SMTP server on the `Servers` page and specify a password that contains spaces, I get the message `Unable to save this server, are the username and password correct?`.

At the same time, in the IMAP server logs I see the error `authentication failure: checkpass failed`. But the password provided is correct.

When I use a password of the same length but without spaces, the authentication succeeds and I can receive or send emails. This means that Cypht does not handle spaces in passwords correctly in this case.

In principle, SMTP and IMAP servers can accept any Unicode characters in passwords. This means that Cypht must also accept any Unicode characters and handle them as expected.

However, the login page handles spaces in passwords properly.

Also, this either does not affect the issue https://github.com/cypht-org/cypht/issues/820 or may just be an additional factor. At least I still can't save the settings permanently, even using a password without spaces.

Version & Environment

Rev: v1.4.0

OS: CentOS Stream 9 container

PHP: 8.2.12

Steps to reproduce

  1. Set a password containing spaces for your IMAP or SMTP account
  2. Go to Servers page
  3. Try to add an IMAP or SMTP server to your Cypht account
kerem closed this issue 2026-02-25 21:35:09 +03:00

@marclaporte commented on GitHub (Nov 4, 2023):

I am OK for spaces in the password, but not spaces as first or last character because it causes too many support requests when people copy-paste passwords (which makes sense when they are super-long).
https://github.com/cypht-org/cypht/pull/780


@Shadow243 commented on GitHub (Nov 4, 2023):

We are already initiating a solution to the case, but it appears that the error lies in spaces being transformed into plus signs, especially when they are in the middle of passwords.


@ivanov17 commented on GitHub (Nov 4, 2023):

@marclaporte In this case, Cypht also stores passwords for remote services, and hypothetically they can be anything. I think the main concern here should be to properly store whatever password the user wants to store.

There is an interesting discussion on spaces in passwords on StackExchange: https://security.stackexchange.com/questions/32691/why-not-allow-spaces-in-a-password

In the comments, among other things, the following opinion is found:

> If you notice at creation time that there are trailing spaces in a password then warn the user that this is not recommended. Don't stop them from doing this but tell them that their password will not be as secure.

Perhaps a better solution would be to warn the user about leading or trailing spaces.
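
Added example (not part of the thread and not Cypht's code): one common way a space becomes a plus sign is a form-encoded body decoded with a percent-only decoder, shown here next to a warn-but-do-not-modify check for leading or trailing whitespace. The function names and sample credentials are hypothetical, and the thread does not confirm this as the root cause fixed in the project.

```javascript
// Added illustration; function names are hypothetical, not Cypht's code.

// Sender side: application/x-www-form-urlencoded writes a space as "+"
// and a literal "+" as "%2B" (this is what URLSearchParams serializes).
function encodeForm(fields) {
  return new URLSearchParams(fields).toString();
}

// Flawed receiver: splits the body by hand and percent-decodes only.
// decodeURIComponent() does not know the "+" convention, so every
// space in the password arrives as a plus sign.
function decodePercentOnly(body) {
  const out = {};
  for (const pair of body.split('&')) {
    const i = pair.indexOf('=');
    const [k, v] = i === -1 ? [pair, ''] : [pair.slice(0, i), pair.slice(i + 1)];
    out[decodeURIComponent(k)] = decodeURIComponent(v);
  }
  return out;
}

// Correct receiver: a form-aware decoder maps "+" to space and "%2B" to "+".
function decodeForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Warn about edge whitespace but never alter the secret: a password for a
// remote IMAP/SMTP account may legitimately be any string.
function edgeWhitespaceWarning(password) {
  const leading = /^\s/u.test(password);
  const trailing = /\s$/u.test(password);
  if (!leading && !trailing) return null;
  const where = leading && trailing ? 'leading and trailing'
    : leading ? 'leading' : 'trailing';
  return `Password has ${where} whitespace; check for a copy-paste error.`;
}

// Constructed sample credentials (not from the issue).
const sample = { user: 'alice@example.org', pass: 'correct horse+battery ' };
const wire = encodeForm(sample);
console.log(wire);
console.log(JSON.stringify(decodePercentOnly(wire).pass)); // spaces became "+"
console.log(JSON.stringify(decodeForm(wire).pass));        // round-trips intact
console.log(edgeWhitespaceWarning(sample.pass));
```
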


@marclaporte commented on GitHub (Nov 7, 2023):

For the record, I am supportive of spaces in passwords (just not first/last character). Ref: https://xkcd.com/936/


@marclaporte commented on GitHub (Dec 14, 2023):

@ivanov17 Good point that the user may not be able to modify the password from an external service. But I have never seen a password with a trailing space in my long career in IT. OTOH, I have many times helped users with an accidental trailing space that would cause multiple tries and lock their account. As long as users are warned, I am OK.

@Shadow243: Your decision.


@marclaporte commented on GitHub (Dec 15, 2023):

We already have a PR for this: https://github.com/cypht-org/cypht/pull/780


@Shadow243 commented on GitHub (Mar 23, 2024):

This issue has been solved by this: https://github.com/cypht-org/cypht/pull/822


@marclaporte commented on GitHub (Mar 23, 2024):

@ivanov17 Please test and re-open if issue persists.
