Clean up and harden POP3 helper login functions (nselib/pop3.lua) #3277
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ling. Authored by Sweekar-cmd
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR refactors and fixes the POP3 helper functions in nselib/pop3.lua.
The goal is to improve correctness, robustness, and consistency of POP3 authentication helpers that are used by NSE scripts (including pop3-brute.nse).
Changes in this PR:
Fix and harden SASL LOGIN authentication handling
Improve SASL PLAIN and CRAM-MD5 authentication logic -
Correct APOP handling and clearly report missing OpenSSL support
Normalize return values and error codes across login helpers
Clean up code structure and remove legacy inconsistencies
Scope and limitations:
This PR does NOT modify pop3-brute.nse directly
STLS negotiation, automatic auth method selection, NTLM support, and extended RFC error code handling are NOT implemented here
Relation to Needed enhancements to pop3-brute.nse #2158:
This work is intended as a foundational cleanup to support future improvements requested in Needed enhancements to pop3-brute.nse #2158. By fixing and stabilizing pop3.lua, follow-up changes to pop3-brute.nse (STLS detection, CAPA-based auth selection, extended error handling, etc.) can be implemented more safely and incrementally.
— happy to adjust or refine this as needed.
by: Sweekar-cmd