Last I checked, the client generated a random salt for its password, which requires the server's password for the client to have the same salt, and since it's random, it requires the password to be in plain text... At least, this is my experience of it.
It should work a bit differently. In step 1, the client gets the plain MD5 hash of the password. The server sends a random salt, the client scrambles the hash again with that salt and sends the resulting second-level MD5 hash back. The server can verify that, only knowing the MD5 sum of the password. If that's not how it works, it's a bug and all the more reason not to use the system right now.
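The challenge-response exchange described in the reply above, sketched as an added example that is not part of either post and not the system's own code. The way the hash and salt are combined (MD5 over the hex hash followed by the salt bytes), the 16-byte salt, the single-use salt handling and all names are assumptions.

```python
import hashlib
import hmac
import secrets

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

class Server:
    """Keeps only MD5(password); the plain-text password is never stored."""
    def __init__(self, stored_hash: str):
        # In this scheme the stored hash is the shared secret for verification.
        self.stored_hash = stored_hash
        self.pending_salt = None

    def challenge(self) -> bytes:
        # Fresh random salt for every login attempt (16 bytes is an assumption).
        self.pending_salt = secrets.token_bytes(16)
        return self.pending_salt

    def verify(self, response: str) -> bool:
        if self.pending_salt is None:
            return False  # no outstanding challenge
        salt, self.pending_salt = self.pending_salt, None  # salt is single use
        expected = md5_hex(self.stored_hash.encode() + salt)
        return hmac.compare_digest(expected, response)  # constant-time compare

def client_response(password: str, salt: bytes) -> str:
    first = md5_hex(password.encode())        # step 1: plain MD5 of the password
    return md5_hex(first.encode() + salt)     # step 2: second-level hash with the salt

def demo() -> dict:
    password = "correct horse"                # constructed sample value
    server = Server(md5_hex(password.encode()))
    results = {}
    salt = server.challenge()
    sent = client_response(password, salt)
    results["good_login"] = server.verify(sent)
    server.challenge()                        # new attempt, new salt
    results["old_response_reused"] = server.verify(sent)
    salt = server.challenge()
    results["wrong_password"] = server.verify(client_response("guess", salt))
    results["no_challenge_issued"] = server.verify(sent)
    return results

if __name__ == "__main__":
    print(demo())
```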