Re: SMTP AUTH LOGIN question
From: bugtraq (reitenba@fh-brandenburg.de)
Date: 01/29/03
- Previous message: Nick Santucci: "Re: Listing processes and killing processes through command line in W indows"
- In reply to: Frank Barton: "SMTP AUTH LOGIN question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: bugtraq <reitenba@fh-brandenburg.de> To: security-basics@securityfocus.com Date: Wed, 29 Jan 2003 23:14:45 +0100
Am Dienstag, 28. Januar 2003 21:56 schrieb Frank Barton:
> I have seen many places saying "Don't use PLAIN or LOGIN methods for SMTP
> AUTH, unless they are encrypted" Now my question is this: I've looked at
> the actual transfer of an SMTP session where the AUTH LOGIN was used, and
> the password wasn't sent in plain-text. Is it trivial to decrypt the
> username and password that is sent across the wire, or is there some other
> vulnerability?
i think it's just only base64 encoded.
buzz
- Next message: James Taylor: "RE: Need recommendations about IDS Systems"
- Previous message: Nick Santucci: "Re: Listing processes and killing processes through command line in W indows"
- In reply to: Frank Barton: "SMTP AUTH LOGIN question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
