IMAP Service Cleartext Login Permitted

low Nessus Plugin ID 15856


The remote IMAP server allows cleartext logins.


The remote host is running an IMAP daemon that allows cleartext logins over unencrypted connections. An attacker can uncover user names and passwords by sniffing traffic to the IMAP daemon if a less secure authentication mechanism (e.g., the LOGIN command, AUTH=PLAIN, AUTH=LOGIN) is used.


Contact your vendor for a fix or encrypt traffic with SSL / TLS using stunnel.
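
To confirm the finding or verify a fix, an administrator can inspect what the server advertises before TLS is negotiated. The following is an added example, not the plugin's own code: it classifies an IMAP capability list using the RFC 3501 rule that the LOGIN command is usable unless LOGINDISABLED is advertised. The function names and sample lines are constructed for illustration, and the result reflects advertised capabilities only, not what the server enforces.

```python
import imaplib

# SASL mechanisms named on this page that expose the password to a sniffer.
CLEARTEXT_SASL = {"AUTH=PLAIN", "AUTH=LOGIN"}

def parse_capabilities(line):
    """Extract capability atoms from a greeting or an untagged CAPABILITY response."""
    upper = line.strip().upper()
    idx = upper.find("CAPABILITY")
    if idx < 0:
        return set()
    rest = upper[idx + len("CAPABILITY"):]
    # In a greeting the list sits inside [CAPABILITY ...]; stop at the bracket.
    return set(rest.split("]", 1)[0].split())

def assess_plaintext_session(caps):
    """Classify what an unencrypted (pre-STARTTLS) session advertises."""
    caps = {c.upper() for c in caps}
    exposed = sorted(caps & CLEARTEXT_SASL)
    if "LOGINDISABLED" not in caps:
        # RFC 3501: LOGIN is available unless LOGINDISABLED is advertised.
        exposed.append("LOGIN")
    return {
        "cleartext_login_permitted": bool(exposed),
        "exposed_mechanisms": exposed,
        "starttls_offered": "STARTTLS" in caps,
    }

def check_host(host, port=143, timeout=5):
    """Read the pre-TLS capabilities of a server you administer (needs network)."""
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        return assess_plaintext_session(conn.capabilities)
    finally:
        conn.logout()

# Constructed sample lines, not captured from a real server.
SAMPLE_WEAK = "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN] ready"
SAMPLE_HARDENED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"

if __name__ == "__main__":
    for sample in (SAMPLE_WEAK, SAMPLE_HARDENED):
        print(sample, "->", assess_plaintext_session(parse_capabilities(sample)))
```

A hardened server advertises LOGINDISABLED and no AUTH=PLAIN or AUTH=LOGIN on port 143 until STARTTLS completes.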

Plugin Details

Severity: Low

ID: 15856

File Name: imap_unencrypted_cleartext_logins.nasl

Version: Revision: 1.18

Type: remote

Family: Misc.

Published: 11/30/2004

Updated: 5/16/2017

Supported Sensors: Nessus

Risk Information


Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: imap/login, imap/password

Excluded KB Items: imap/false_imap