[PLUG] thunderbird sending plaintext passwords when talking to ecot

Galen Seitz galens at seitzassoc.com
Sat Oct 21 04:51:25 UTC 2006


Carlos Konstanski <ckonstanski at pippiandcarlos.com> wrote:

> On Fri, 20 Oct 2006, Galen Seitz wrote:
> 
> > Date: Fri, 20 Oct 2006 20:36:19 -0700
> > From: Galen Seitz <galens at seitzassoc.com>
> > Reply-To: "General Linux/UNIX discussion and help;	civil and on-topic"
> >     <plug at lists.pdxlinux.org>
> > To: "General Linux/UNIX discussion and help;	civil and on-topic"
> >     <plug at lists.pdxlinux.org>
> > Subject: [PLUG] thunderbird sending plaintext passwords when talking to
> >     	dovecot
> > I'm seeing a problem where thunderbird sends passwords in the clear
> > while talking to a dovecot imap server.  Thunderbird is configured to
> > use imap without SSL, TLS, or secure authentication.  This was done
> > intentionally just as a test.  Dovecot is configured to disallow
> > plaintext authentication.  I was expecting thunderbird to not even
> > attempt to login, but it does anyway.  Is this normal?
> 
> Here's one solution to throw into the bucket: stunnel.  With vm for
> emacs, for example, using an external SSL wrapper is the easy (or only)
> way to encrypt those pesky packets.  A .vm config file might start like
> this:

imaps works fine, that's what I'll use.  I was just surprised to see
thunderbird making a plaintext login attempt when the imap server said
they were disabled.

galen



More information about the PLUG mailing list