Family: Misc. --> Category: infos
IMAP Unencrypted Cleartext Logins Vulnerability Scan
Vulnerability Scan Summary
Checks if IMAP daemon allows unencrypted cleartext logins
Detailed Explanation for this Vulnerability Test
The remote host is running an IMAP daemon that allows cleartext logins over
unencrypted connections. A possible hacker can uncover user names and
passwords by sniffing traffic to the IMAP daemon if a less secure
authentication mechanism (eg, LOGIN command, AUTH=PLAIN, AUTH=LOGIN)
Solution : Contact your vendor for a fix or encrypt traffic with SSL /
TLS using stunnel.
See also : RFC 2222 for infomation about SASL.
RFC 2595 for information about TLS with IMAP.
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.