Opened 7 years ago

Closed 3 years ago

Last modified 3 years ago

#14619 closed defect (duplicate)

Facebook plugin error because security changes

Reported by: elrafaargentino Owned by: deryni
Milestone: Component: Facebook
Version: 2.10.0 Keywords:
Cc:

Description

Yesterday Facebook change something about devices. When you enter with Pidgin, Facebook detects like a "device" and ask you if its ok or not and you must put it a name (example: pidginfromhome). You can try and try, but Pidgin allways says "Incorrect username or password". And Facebook ask you again the same. Its a kind of loop.

I tried with and without https. Sometimes Pidgin asks for certificate (login.facebook.com), but you can put Accept o Deny that its the same.

Attachments (1)

purple-debug.log (17.5 KB) - added by elrafaargentino 7 years ago.

Download all attachments as: .zip

Change History (22)

comment:1 Changed 7 years ago by QuLogic

  • Resolution set to invalid
  • Status changed from new to closed

This issue is caused by a third party plugin. We have no control over these plugins. Please report this problem to the authors of this third party plugin.

comment:2 follow-up: Changed 7 years ago by elrafaargentino

Ok, thanks. XMPP either, right?

comment:3 in reply to: ↑ 2 Changed 7 years ago by QuLogic

Replying to elrafaargentino:

Ok, thanks. XMPP either, right?

XMPP is supported here, but it doesn't use login.facebook.com.

comment:4 follow-up: Changed 7 years ago by elrafaargentino

The error message is: 23:51:26) chat.facebook.com: Inicia sesión en www.facebook.com desde una computadora y sigue las instrucciones dadas.

(login in www.facebook.com from a pc and follow the instructions.)

comment:5 in reply to: ↑ 4 Changed 7 years ago by QuLogic

Replying to elrafaargentino:

(login in www.facebook.com from a pc and follow the instructions.)

So why don't you follow the instructions, then?

comment:6 Changed 7 years ago by QuLogic

  • Resolution invalid deleted
  • Status changed from closed to new

comment:7 Changed 7 years ago by QuLogic

  • Component changed from pidgin (gtk) to XMPP
  • Keywords facebook login.facebook.com removed
  • Status changed from new to pending

Please follow the instructions to get a debug log and attach it to this ticket.

Changed 7 years ago by elrafaargentino

comment:8 Changed 7 years ago by elrafaargentino

  • Status changed from pending to new

Attachment (purple-debug.log) added by ticket reporter.

comment:10 Changed 7 years ago by QuLogic

  • Milestone 2.10.1 deleted
  • Owner set to deryni

comment:11 Changed 7 years ago by darkrain42

  • Status changed from new to pending

So you go to facebook.com in a web browser and...what? What exactly do the instructions say, and what exactly do you do? Do you make any changes in Pidgin?

comment:12 Changed 7 years ago by elrafaargentino

  • Status changed from pending to new

There is not instructions. You go to facebook, login, and use it as always. A few days ago the facebook external plugin starts with "incorrect username or password". Just a few times the facebook´s website asks about a external device, but its doesnt happens anymore.

So I start trying with XMPP, but a message in a windows is opened with "(23:33:49) chat.facebook.com: Inicia sesión en www.facebook.com desde una computadora y sigue las instrucciones dadas." (error log attached).

I couldnt found an option in facebook.com, and I tried with and without certificate.

comment:13 Changed 7 years ago by elrafaargentino

comment:14 Changed 7 years ago by darkrain42

I'm not sure I see how that applies to this situation, as 1) those changes haven't gone into effect yet, and 2) nothing there *actually* says that they're going to require OAuth for XMPP (just that they *support* Oauth for XMPP).

I honestly am not expecting Facebook to remove support for DIGEST-MD5, as it is what provides them with compatibility with effectively all generic XMPP clients.

That said, I have no idea why you're getting this error message.

comment:15 Changed 7 years ago by elrafaargentino

I´m the only guy with Facebook/Pidgin? problems? I tried with differents PCs and connections.

Maybe another port? Maybe proxy.eu.jabber.org?

It´s very bizarre!

comment:16 Changed 7 years ago by housemeister

I can not login, too.

"Not authorized"

(22:56:07) jabber: jabber_actions: have pep: NO
(22:56:07) jabber: jabber_actions: have pep: NO
(22:56:07) jabber: jabber_actions: have pep: NO
(22:56:07) account: Connecting to account *******@chat.facebook.com/.
(22:56:07) connection: Connecting. gc = 06948AE8
(22:56:07) dnssrv: querying SRV record for chat.facebook.com: _xmpp-client._tcp.chat.facebook.com
(22:56:07) dnssrv: found 0 SRV entries
(22:56:07) dnsquery: Performing DNS lookup for chat.facebook.com
(22:56:07) dnsquery: IP resolved for chat.facebook.com
(22:56:07) proxy: Attempting connection to 66.220.151.99
(22:56:07) proxy: Connecting to chat.facebook.com:5222 with no proxy
(22:56:07) proxy: Connection in progress
(22:56:07) proxy: Connecting to chat.facebook.com:5222.
(22:56:07) proxy: Connected to chat.facebook.com:5222.
(22:56:07) jabber: Sending (***********@chat.facebook.com): <?xml version='1.0' ?>
(22:56:07) jabber: Sending (***********@chat.facebook.com): <stream:stream to='chat.facebook.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(22:56:08) jabber: Recv (400): <?xml version="1.0"?><stream:stream id="082820C6" from="chat.facebook.com" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" xml:lang="en"><stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-FACEBOOK-PLATFORM</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features>
(22:56:08) jabber: Sending (***********@chat.facebook.com): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(22:56:08) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
(22:56:08) nss: subject=CN=chat.facebook.com,O="Facebook, Inc.",L=Palo Alto,ST=California,C=US issuer=CN=DigiCert High Assurance CA-3,OU=www.digicert.com,O=DigiCert Inc,C=US
(22:56:08) nss: subject=CN=DigiCert High Assurance CA-3,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(22:56:08) nss: subject=CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(22:56:08) certificate/x509/tls_cached: Starting verify for chat.facebook.com
(22:56:08) certificate/x509/tls_cached: Checking for cached cert...
(22:56:08) certificate/x509/tls_cached: ...Found cached cert
(22:56:08) nss/x509: Loading certificate from F:\PortableApps\PidginPortable\Data\settings\.purple\certificates\x509\tls_peers\chat.facebook.com
(22:56:08) certificate/x509/tls_cached: Peer cert matched cached
(22:56:08) nss/x509: Exporting certificate to F:\PortableApps\PidginPortable\Data\settings\.purple\certificates\x509\tls_peers\chat.facebook.com
(22:56:08) util: Writing file F:\PortableApps\PidginPortable\Data\settings\.purple\certificates\x509\tls_peers\chat.facebook.com
(22:56:09) certificate: Successfully verified certificate for chat.facebook.com
(22:56:09) jabber: Sending (ssl) (***********@chat.facebook.com): <stream:stream to='chat.facebook.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(22:56:09) jabber: Recv (ssl)(173): <?xml version="1.0"?><stream:stream id="6ABFA09F" from="chat.facebook.com" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" xml:lang="en">
(22:56:09) jabber: Recv (ssl)(176): <stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-FACEBOOK-PLATFORM</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features>
(22:56:09) sasl: Mechs found: X-FACEBOOK-PLATFORM DIGEST-MD5
(22:56:09) jabber: Sending (ssl) (***********@chat.facebook.com): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'/>
(22:56:09) jabber: Recv (ssl)(212): <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">------SOME-LETTERS------</challenge>
(22:56:09) sasl: DIGEST-MD5 client step 2
(22:56:09) jabber: Sending (ssl) (***********@chat.facebook.com): <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>------SOME-LETTERS------</response>
(22:56:09) jabber: Recv (ssl)(77): <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
(22:56:09) sasl: Mechs found: X-FACEBOOK-PLATFORM 
(22:56:09) sasl: No worthy mechs found
(22:56:09) connection: Connection error on 06948AE8 (reason: 2 description: Nicht autorisiert)
(22:56:09) jabber: jabber_actions: have pep: NO
(22:56:09) jabber: jabber_actions: have pep: NO
(22:56:09) jabber: jabber_actions: have pep: NO
(22:56:09) account: Disconnecting account (***********@chat.facebook.com/ (019F0930)
(22:56:09) connection: Disconnecting connection 06948AE8
(22:56:09) jabber: Sending (ssl) ((***********@chat.facebook.com): </stream:stream>
(22:56:09) jabber: jabber_actions: have pep: NO
(22:56:09) jabber: jabber_actions: have pep: NO
(22:56:09) jabber: jabber_actions: have pep: NO
(22:56:09) connection: Destroying connection 06948AE8
(22:56:13) util: Writing file accounts.xml to directory F:\PortableApps\PidginPortable\Data\settings\.purple
(22:56:13) util: Writing file F:\PortableApps\PidginPortable\Data\settings\.purple\accounts.xml
(22:56:14) jabber: Recv (ssl)(1): 

The problem could be that I use the portable version of pidgin but I will not miss it. :/ Can I delete the file chat.facebook.com in F:\PortableApps?\PidginPortable?\Data\settings\.purple\certificates\x509\tls_peers?

comment:17 Changed 7 years ago by deltafalcon

I'm also unable to login getting this error.

I've tried changing my password multiple times, even greatly simplifying it to see if any special characters were interfering with it. Also tried using my email address that I use for Facebook (even though it's not a valid XMPP ID) to no avail. Also every possible combination of encryption/plain-text authentication available in the settings with no luck.

Trying login.facebook.com attempts to connect but is ultimately unable to.

Here's the debug log from Pidgin (have removed my username from it and from the encoded digests sent to the server):

(21:27:47) account: Connecting to account *************@chat.facebook.com/Pidgin.
(21:27:47) connection: Connecting. gc = 0680E298
(21:27:47) dnssrv: querying SRV record for chat.facebook.com: _xmpp-client._tcp.chat.facebook.com
(21:27:47) dnssrv: found 1 SRV entries
(21:27:47) dnsquery: Performing DNS lookup for CHAt.FAceboOk.COm
(21:27:47) dnsquery: IP resolved for CHAt.FAceboOk.COm
(21:27:47) proxy: Attempting connection to 66.220.151.99
(21:27:47) proxy: Connecting to CHAt.FAceboOk.COm:5222 with no proxy
(21:27:47) proxy: Connection in progress
(21:27:48) util: Writing file accounts.xml to directory C:\Users\******\AppData\Roaming\.purple
(21:27:48) util: Writing file C:\Users\******\AppData\Roaming\.purple\accounts.xml
(21:27:48) proxy: Connecting to CHAt.FAceboOk.COm:5222.
(21:27:48) proxy: Connected to CHAt.FAceboOk.COm:5222.
(21:27:48) jabber: Sending (*************@chat.facebook.com/Pidgin): <?xml version='1.0' ?>
(21:27:48) jabber: Sending (*************@chat.facebook.com/Pidgin): <stream:stream to='chat.facebook.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(21:27:48) jabber: Recv (173): <?xml version="1.0"?><stream:stream id="D2CE9702" from="chat.facebook.com" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" xml:lang="en">
(21:27:48) jabber: Recv (227): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-FACEBOOK-PLATFORM</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features>
(21:27:48) jabber: Sending (*************@chat.facebook.com/Pidgin): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(21:27:48) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
(21:27:49) nss: subject=CN=chat.facebook.com,O="Facebook, Inc.",L=Palo Alto,ST=California,C=US issuer=CN=DigiCert High Assurance CA-3,OU=www.digicert.com,O=DigiCert Inc,C=US
(21:27:49) nss: subject=CN=DigiCert High Assurance CA-3,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(21:27:49) nss: subject=CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(21:27:49) certificate/x509/tls_cached: Starting verify for chat.facebook.com
(21:27:49) certificate/x509/tls_cached: Checking for cached cert...
(21:27:49) certificate/x509/tls_cached: ...Found cached cert
(21:27:49) nss/x509: Loading certificate from C:\Users\******\AppData\Roaming\.purple\certificates\x509\tls_peers\chat.facebook.com
(21:27:49) certificate/x509/tls_cached: Peer cert matched cached
(21:27:49) nss/x509: Exporting certificate to C:\Users\******\AppData\Roaming\.purple\certificates\x509\tls_peers\chat.facebook.com
(21:27:49) util: Writing file C:\Users\******\AppData\Roaming\.purple\certificates\x509\tls_peers\chat.facebook.com
(21:27:49) certificate: Successfully verified certificate for chat.facebook.com
(21:27:49) jabber: Sending (ssl) (*************@chat.facebook.com/Pidgin): <stream:stream to='chat.facebook.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(21:27:49) jabber: Recv (ssl)(173): <?xml version="1.0"?><stream:stream id="AFF09A45" from="chat.facebook.com" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" xml:lang="en">
(21:27:49) jabber: Recv (ssl)(176): <stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>X-FACEBOOK-PLATFORM</mechanism><mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features>
(21:27:49) sasl: Mechs found: X-FACEBOOK-PLATFORM DIGEST-MD5
(21:27:49) jabber: Sending (ssl) (*************@chat.facebook.com/Pidgin): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='DIGEST-MD5' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'/>
(21:27:49) jabber: Recv (ssl)(212): <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09ImNoYXQuZmFjZWJvb2suY29tIixub25jZT0iOTUzMThBQkRGMkFEQjk4OTc3MTg4RjhCQkIxQjU4NkQiLHFvcD0iYXV0aCIsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M=</challenge>
(21:27:49) sasl: DIGEST-MD5 client step 2
(21:27:49) jabber: Sending (ssl) (*************@chat.facebook.com/Pidgin): <response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>dXNlcm5hbWU9IioqKioqKioqKioqKioiLHJlYWxtPSJjaGF0LmZhY2Vib29rLmNvbSIsbm9uY2U9Ijk1MzE4QUJERjJBREI5ODk3NzE4OEY4QkJCMUI1ODZEIixjbm9uY2U9IlBnaFpRQko1RW5OWUpqWUplMWNUY0dsS0dCWm9QQk5BWFRNalNGZGdYRHc9IixuYz0wMDAwMDAwMSxxb3A9YXV0aCxkaWdlc3QtdXJpPSJ4bXBwL0NIQXQuRkFjZWJvT2suQ09tIixyZXNwb25zZT1lYWY4MDkzZTU3NDUwMjI4MGRiZTY3OGRjMDBkZTAzYyxjaGFyc2V0PXV0Zi04</response>
(21:27:49) jabber: Recv (ssl)(77): <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
(21:27:49) sasl: Mechs found: X-FACEBOOK-PLATFORM 
(21:27:49) sasl: No worthy mechs found
(21:27:49) connection: Connection error on 0680E298 (reason: 2 description: Not Authorized)
(21:27:49) account: Disconnecting account *************@chat.facebook.com/Pidgin (0268CDB0)
(21:27:49) connection: Disconnecting connection 0680E298
(21:27:49) jabber: Sending (ssl) (*************@chat.facebook.com/Pidgin): </stream:stream>
(21:27:49) connection: Destroying connection 0680E298
(21:27:54) util: Writing file accounts.xml to directory C:\Users\******\AppData\Roaming\.purple
(21:27:54) util: Writing file C:\Users\******\AppData\Roaming\.purple\accounts.xml

I've been hunting around for a fix to the issue and this seems to be a solution: http://stackoverflow.com/questions/7265505/x-facebook-platform-not-authorized http://www.ianquigley.com/A91_Facebook_Chat_Authentication_in_C.html

comment:18 Changed 7 years ago by deltafalcon

This is for version 2.10.6 by the way. It seems that Facebook has changed the way authentication is conducted, therefore throwing the error.

It seems that due to the advent of Facebook Messenger for Windows, this isn't as big an issue as it would be normally.

comment:19 Changed 7 years ago by deltafalcon

This is looking more like a bug that affects Windows specifically. Installed and added my Facebook Chat details to Pidgin in an Ubuntu virtual machine (2.10.6, Ubuntu 11.10) which connected without complaint.

comment:20 Changed 6 years ago by c1sc0

I am now able to login, the problem was, that my password contains non-English characters...

comment:21 Changed 3 years ago by dx

  • Resolution set to duplicate
  • Status changed from new to closed

Closed as duplicate of #13420.
Also, facebook's XMPP service doesn't work anymore.

See https://github.com/jgeboski/purple-facebook/wiki

comment:22 Changed 3 years ago by dx

  • Component changed from XMPP to Facebook
Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!