Weak default authentication mode
Bug #119358 reported by
otzenpunk
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mozilla Thunderbird |
Fix Released
|
High
|
|||
thunderbird (Ubuntu) |
Fix Released
|
Wishlist
|
Mozilla Bugs |
Bug Description
Binary package hint: mozilla-thunderbird
When starting Thunderbird the first time, the account wizard neither asks for nor provides by default any attempt to secure the password. SSL/TLS is off and so is "secure authentication" via CRAM-MD5 or such. So the password is sent in clear text at least once, as long as you don't interrupt the password dialog after finishing the wizard and turn on "secure authentication" manually.
Thunderbird should use CRAM-MD5 per default, as long as it is accepted by the server. If it is not, Thunderbird should display a warning, that the password is sent in the clear.
Testet with an IMAP-Box, don't know about POP3 or SMTP.
Related branches
Changed in thunderbird: | |
assignee: | rainct → nobody |
status: | Needs Info → Confirmed |
Changed in thunderbird: | |
status: | Unknown → Unconfirmed |
Changed in thunderbird: | |
importance: | Undecided → Wishlist |
Changed in thunderbird: | |
status: | New → Invalid |
Changed in thunderbird: | |
status: | Unknown → Confirmed |
Changed in thunderbird: | |
status: | Confirmed → Fix Released |
Changed in thunderbird: | |
importance: | Unknown → High |
To post a comment you must log in.
Forgot to mention. I posted on forums. mozillazine. org but got no reply. I can
volunteer to implement a fix myself if someone can guide me in the right dimension.