SMTP Service Cleartext Login Permitted
Low Nessus Plugin ID 54582
SynopsisThe remote mail server allows cleartext logins.
DescriptionThe remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.
SolutionConfigure the service to support less secure authentication mechanisms only over an encrypted channel.