Rclone uses old credential logic causes account lockout with recent MEGA Sync update

Using rclone to sync with MEGA has started causing my MEGA account to be locked due to a recent change on the MEGA side. This is what MEGA support said:

"The rclone software do not fully implement our cryptographic protocols, they sent the login request with a old credential logic, that is not secure. So to prevent any damage your account was blocked.
They have to upgrade they credential logic and implement our cryptographic protocols to avoid that security measure."

Is anyone else experiencing this?

Don't use Mega myself, but it kind of seems like you have already gotten a pretty straight answer from Mega regarding what the problem is.

In this case the Mega backend will have to updated. Hopefully that doesn't take too long since this sounds like it would apply to all rclone users with mega remotes.

You should go make an issue on it so devs are notified:

EDIT: I see one has already been opened. Don't know if that was you who made it, but if not, go upvote it to draw attention to it.

Hi yes thanks that was me. Is there anything else I need to do?

No, this marks it as a problem that needs fixing - so given time someone will take care of it. I don't know if anyone in particular is assigned to keep Mega up to date though, aside from NCW himself.

Of course, if you code, you could have a go at implementing the changes yourself and then contributing that code to the project. That is always greatly appreciated if you have the skills to do it :slight_smile:

Ok thank you! I do but I doubt up to the skill level required. I should get familiar with the code base though!

This may be relevant if you want to tinker:

I might be trying my hand at doing a really simple change myself in the near future (intimidating lol).

I don't know how hard this task is. Probably helps if you know some basics about authentication systems already, but if the updated API is well documented (and it probably is) then sometimes it can be less daunting than you think. If you took a look at the authentication code for the existing backend you would probably get a good idea at exactly how complex a task it might be. The code is on github, so go have a browse if you have an interest in it.

Ok thanks will take a look. Mega are a pretty lousy company and against 3rd party tools so I doubt the API is well documented. NCW replied to the GitHub issue, he says they changed Mega login in rclone 1.4.6 but I'm using 1.4.8, and the issue only seemed to start today so I'm pretty sure it's a change on the Mega end. Thank you for your help! :slight_smile:

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.