clearer error message for wrong credentials?
Moderator: Project members
-
- 504 Command not implemented
- Posts: 7
- Joined: 2020-09-25 13:35
- First name: Flavio
- Last name: Zarur
clearer error message for wrong credentials?
Hello, friends!
By any chance, is it possible to translate the error message when user provides wrong credentials?
Error: 530 User cannot log in.
This error is not so clear. I wish we could make it clearer, something like "Wrong user or password". It would help with users possibly understanding the issue better and sooner.
Thanks!
Re: clearer error message for wrong credentials?
The message comes straight from the server and could have any number of reasons. It would be misleading to display a different error instead.
-
- 504 Command not implemented
- Posts: 7
- Joined: 2020-09-25 13:35
- First name: Flavio
- Last name: Zarur
Re: clearer error message for wrong credentials?
Thanks. Other situations, I imagined.
But it would be really nice if wrong user or pwd could have a clearer message. Can you consider it as a feature request, pls? or let us customize the error? Ideally, in case of wrong user or pwd show a clearer error...
Re: clearer error message for wrong credentials?
That's the question, the server doesn't tell exactly what's wrong. FileZilla thus cannot know if it is a wrong username, password, account suspended, or even the heat death of the universe. It would be misleading to display any specific message as we don't know.
Please note that this behavior is by design, the server will not tell if the username and/or password is/are wrong, in order to prevent password guessing.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 504 Command not implemented
- Posts: 7
- Joined: 2020-09-25 13:35
- First name: Flavio
- Last name: Zarur
Re: clearer error message for wrong credentials?
Hi,
I see. Thanks a lot for such a fast and nice reply. Still, I'd consider something like "Incorrect login. Possible incorrect user/pwd or other errors".
But I do understand how complex it is.
Thanks!!
Re: clearer error message for wrong credentials?
Two issues:
1. It's the server that sends exactly that text. While FileZilla only evaluates the response code (530) and ignores the text, modifying it is something no program should ever do (it's regarded as tampering with).
2. As already said, the error could be anything. Imagine the server lost its user database, same error. Imagine you are connecting to the wrong server, same error. And so on.
@botg: Modifying the server message is out of the question, but would it be possible to add a short status line after the login error, essentially saying "Check login credentials, contact server administrator if error persists!"?
-
- 504 Command not implemented
- Posts: 7
- Joined: 2020-09-25 13:35
- First name: Flavio
- Last name: Zarur
Re: clearer error message for wrong credentials?
Hi, Boco
I see. Ok, your idea is great. Let's see, if that can be done, would already help.
That's all I want, better guidance to users when it's user or pwd incorrect. Other servers do have that. For example, just put wrong pwd in some other FTP server I have, I got 530 Login authentication failed
Thanks.
Re: clearer error message for wrong credentials?
It's the statement the developer always posts when someone asks about 530 Login incorrect. Putting it into the program will hopefully prevent many further posts about the problem. It's the sad truth that we cannot provide much help regarding pure server errors like this one. If the server says "Nay", FileZilla cannot override that.
-
- 504 Command not implemented
- Posts: 7
- Joined: 2020-09-25 13:35
- First name: Flavio
- Last name: Zarur
Re: clearer error message for wrong credentials?
Friend,
How are you? Any news to this? Did @botg reply?
Why other FTP servers give out a clear error? I still didn't understand 100%. You say the server says Nah, but isn't it filezilla checking pwd...?
Thanks!
Re: clearer error message for wrong credentials?
> Did @botg reply?
Nope.
> Why other FTP servers give out a clear error?
I'm not aware of any FTP servers that give more information.
> You say the server says Nah, but isn't it filezilla checking pwd...?
Server says "Nah", but it doesn't say exactly what's wrong. "Login incorrect" does not always mean wrong password!
The behavior is by design. We don't want to give attackers any clues and hints. Thus, servers will not tell you if an account even exists.
-
- 504 Command not implemented
- Posts: 7
- Joined: 2020-09-25 13:35
- First name: Flavio
- Last name: Zarur
Re: clearer error message for wrong credentials?
Dear Boco,
Thanks again for your reply!
Now I understand, when you talk about attackers. I still think a mid-term would be nice. We don't wanna mislead users either...
When you say " servers will not tell you if an account even exists.", AFAIK, when one uses filezilla server, it's the one that validates the pwd, no? Perhaps not always, if user integrates it with some other authentication server, correct?
I did a test with 3 different FTP servers, putting wrong pwd. See results below.
I believe you had agreed with me, just a bit clearer error. Something like Unable to connect. Credentials possibly invalid.
Something that would give a clue, at least. User cannot log in is so generic...
See, 3 other FTP servers, wrong pwd
530 Identification failed, please try again
530 Login incorrect.
530 Login authentication failed
xxx
Maybe what is missing is the word login?
user cannot login, then critical error. it seems like something else is wrong, maybe that's the goal, to mislead attackers, then it worked
Thanks
Re: clearer error message for wrong credentials?
Imagine you try to log in with a made-up username. Even then, the FTP server first asks for the password, then tells "530 Login or password incorrect!" (text from legacy FileZilla Server). The attacker (guessing or probing login data) will not gain any knowledge about if that account actually exists. The server will not tell, it's a cover-up.
> AFAIK, when one uses filezilla server, it's the one that validates the pwd, no?
Well, yes, not the actual password, but it validates the computed SHA512 hash against the stored one. FileZilla Server does neither store nor know your password. But even if there's nothing to validate, it will still ask for a password, to not reveal the non-existence of the account.
Again, FileZilla Server sends:
530 Login or password incorrect!
How could that be misleading? Actually, the text is even irrelevant, these messages are not targeted at the user. It's meant for the client and for us.
The final "Critical error" is from FileZilla Client and means that the error will not resolve without your intervention. FileZilla will evaluate the numeric code, any starting with 5xx is "permanent failure condition". It doesn't get any more specific in terms of user credentials.
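The login behaviour described in the post above, as an added example that is not part of the original thread and is not FileZilla Server's code: a minimal USER/PASS handler that answers a made-up name, a wrong password and a suspended account with the same replies. The account names, the decoy record and the use of PBKDF2-HMAC-SHA512 for the stored hash are assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def derive(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS)

def make_record(password: str, enabled: bool = True):
    salt = os.urandom(16)
    return (salt, derive(salt, password), enabled)

# Constructed sample accounts; names and passwords are made up.
STORE = {
    "alice": make_record("correct horse"),
    "suspended": make_record("hunter2", enabled=False),
}
# Decoy record: an unknown user still costs one full hash computation.
DECOY = (os.urandom(16), os.urandom(64), False)

NEED_PASS = "331 Password required"
LOGGED_IN = "230 Logged on"
FAILED = "530 Login or password incorrect!"  # text quoted in the thread

class LoginSession:
    def __init__(self, store=STORE):
        self.store, self.user = store, None

    def handle(self, line: str) -> str:
        cmd, _, arg = line.strip().partition(" ")
        if cmd.upper() == "USER":
            self.user = arg
            return NEED_PASS  # always ask, even for a made-up name
        if cmd.upper() == "PASS" and self.user is not None:
            salt, stored, enabled = self.store.get(self.user, DECOY)
            match = hmac.compare_digest(derive(salt, arg), stored)
            self.user = None
            return LOGGED_IN if (match and enabled) else FAILED
        return "503 Bad sequence of commands"

def login_transcript(user: str, password: str) -> list:
    session = LoginSession()
    return [session.handle(f"USER {user}"), session.handle(f"PASS {password}")]

def is_permanent_failure(reply: str) -> bool:
    # The client-side view: only the 5xx code class matters, not the text.
    return reply[:1] == "5"
```

Because every failure path returns the same two replies after the same amount of hashing work, neither the reply text nor the response time tells a prober whether the account exists.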
-
- 504 Command not implemented
- Posts: 7
- Joined: 2020-09-25 13:35
- First name: Flavio
- Last name: Zarur
Re: clearer error message for wrong credentials?
Friend,
Sorry, my bad. I had understood my host used Filezilla FTP server, that's what I meant since the beginning, hence I put this message in this section of the forum, but it seems they don't use it.
Sorry for the confusion and for taking your time. Feel free to delete this post.
Thanks.
Re: clearer error message for wrong credentials?
We don't delete posts, unless it's spam or could mislead others. As there's some information in this topic, I'll lock and then will move it to General Discussion.
[Locked] on request.