Vulnerability Scanning Solutions, LLC.
Family: Misc. --> Category: infos

IMAP Unencrypted Cleartext Logins Vulnerability Scan

Vulnerability Scan Summary
Checks if IMAP daemon allows unencrypted cleartext logins

Detailed Explanation for this Vulnerability Test

The remote host is running an IMAP daemon that allows cleartext logins over
unencrypted connections. An attacker can uncover user names and
passwords by sniffing traffic to the IMAP daemon if a less secure
authentication mechanism (e.g., LOGIN command, AUTH=PLAIN, AUTH=LOGIN)
is used.

Solution: Contact your vendor for a fix, or encrypt traffic with SSL/TLS
using stunnel.

See also: RFC 2222 for information about SASL.
RFC 2595 for information about TLS with IMAP.

Threat Level: Low
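
One way to reproduce this check offline against a greeting or CAPABILITY response captured from the unencrypted IMAP port (an added example, not the scanner's own code). It assumes the STARTTLS and LOGINDISABLED capabilities defined in RFC 2595; the function names and sample responses are constructed for illustration.

```python
import re

# SASL mechanisms the description names as exposing credentials in cleartext.
CLEARTEXT_SASL = {"PLAIN", "LOGIN"}

def parse_capabilities(response):
    """Collect capability atoms from a greeting or CAPABILITY response."""
    caps = set()
    for line in response.splitlines():
        # Untagged form: "* CAPABILITY IMAP4rev1 ..."
        m = re.match(r"^\*\s+CAPABILITY\s+(.*)$", line, re.I)
        if not m:
            # Response-code form in a greeting: "* OK [CAPABILITY ...] ready"
            m = re.search(r"\[CAPABILITY\s+([^\]]*)\]", line, re.I)
        if m:
            caps.update(tok.upper() for tok in m.group(1).split())
    return caps

def assess_plaintext_port(response):
    """Report whether credentials could cross the wire before TLS is started."""
    caps = parse_capabilities(response)
    if not caps:
        # No capability data: report "unknown" rather than guessing a verdict.
        raise ValueError("no CAPABILITY data in response")
    sasl = {c[len("AUTH="):] for c in caps if c.startswith("AUTH=")}
    weak_sasl = sorted(sasl & CLEARTEXT_SASL)
    # RFC 2595: LOGINDISABLED means the server refuses the LOGIN command.
    login_allowed = "LOGINDISABLED" not in caps
    return {
        "login_command_allowed": login_allowed,
        "cleartext_sasl": weak_sasl,
        "starttls_offered": "STARTTLS" in caps,
        "vulnerable": login_allowed or bool(weak_sasl),
    }

# Constructed sample responses, as seen on port 143 before any STARTTLS.
WEAK = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN] ready\r\n"
HARDENED = ("* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\n"
            "a1 OK CAPABILITY completed\r\n")
HALF_FIXED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED AUTH=PLAIN\r\n"

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED),
                         ("half-fixed", HALF_FIXED)):
        print(name, assess_plaintext_port(sample))
```

The half-fixed sample shows why both conditions are checked: LOGINDISABLED only turns off the LOGIN command, so a server that still advertises AUTH=PLAIN before TLS remains exposed.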



P.O. Box 827051

Pembroke Pines, FL 33082-7051
