[PLUG] thunderbird sending plaintext passwords when talking to ecot
Galen Seitz
galens at seitzassoc.com
Sat Oct 21 04:51:25 UTC 2006
Carlos Konstanski <ckonstanski at pippiandcarlos.com> wrote:
> On Fri, 20 Oct 2006, Galen Seitz wrote:
>
> > Date: Fri, 20 Oct 2006 20:36:19 -0700
> > From: Galen Seitz <galens at seitzassoc.com>
> > Reply-To: "General Linux/UNIX discussion and help; civil and on-topic"
> > <plug at lists.pdxlinux.org>
> > To: "General Linux/UNIX discussion and help; civil and on-topic"
> > <plug at lists.pdxlinux.org>
> > Subject: [PLUG] thunderbird sending plaintext passwords when talking to
> > dovecot
> > I'm seeing a problem where thunderbird sends passwords in the clear
> > while talking to a dovecot imap server. Thunderbird is configured to
> > use imap without SSL, TLS, or secure authentication. This was done
> > intentionally just as a test. Dovecot is configured to disallow
> > plaintext authentication. I was expecting thunderbird to not even
> > attempt to login, but it does anyway. Is this normal?
>
> Here's one solution to throw into the bucket: stunnel. With vm for
> emacs, for example, using an external SSL wrapper is the easy (or only)
> way to encrypt those pesky packets. A .vm config file might start like
> this:
imaps works fine, that's what I'll use. I was just surprised to see
thunderbird making a plaintext login attempt when the imap server said
they were disabled.
galen
More information about the PLUG
mailing list