NNTP Service Cleartext Login Permitted
Low Nessus Plugin ID 57335
SynopsisThe remote NNTP server allows cleartext logins.
DescriptionThe remote host is running an NNTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.
SolutionConfigure the service to support less secure authentication mechanisms only over an encrypted channel.