powered by Jive Software

Spark + Openfire - loggin in without password?

Mystery. I was playing with Spark launching it out of network share. And at some point decided to delete user’'s password in profile and to see is Spark going to prompt for it. But it just started normally. So i cant uderstand how this is happening.

password is encrypted in spark.properties. Let’'s say that for a user “test” password line would look like

password=dd/dfjiws=

So, i’'m closing Spark, deleting that line and saving spark.properties. Launch Spark again and it connects with user “test” and can chat. But there is some OTHER value in password line.

Anonymous logon is disabled in server, and this doesnt look like anonymous logon.

If i logoff and enter test user’'s real password then dd/dfjiws= value will be in spark.properties again.

So, can anyone explain me this? Is Spark caching login info somethere else? Or is it some magical connection between Spark and Openfire letting any user to login without password?

Spark 2.5.1

Wildfire 3.2.3 (upgrading to 3.3.0 on Friday maybe)

for empty pass the hash is dJYPdisqdIo=

if i login with empty pass and then logout the password field in login screen will be empty

SPARK-715

Can’t reproduce with the latest versions.