On Tue, 28 Jan 2003 15:56:55 -0500
Frank Barton <[EMAIL PROTECTED]> wrote:

> I have seen many places saying "Don't use PLAIN or LOGIN methods for SMTP AUTH,
> unless they are encrypted." Now my question is this:
> I've looked at the actual transfer of an SMTP session where the AUTH LOGIN was used,
> and the password wasn't sent in plain-text. Is it trivial to decrypt the
> username and password that is sent across the wire, or is there some other
> vulnerability?
> -- 
> Frank Barton
> Starwolf.biz Systems Administrator
> 

Hi Frank,

The authentication data is Base64 encoded text. Yes, it is trivial to decode (man 
mmencode).
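
To make the point above concrete, here is an added example (not part of the original reply) that recovers the credentials from an unencrypted SMTP transcript using nothing but a Base64 decode, which is why PLAIN and LOGIN need an encrypted channel underneath them. The transcript, the username `alice` and the password are constructed sample values, and the helper names are hypothetical.

```python
import base64

# Constructed sample transcript (not captured traffic). "C:" = client, "S:" = server.
SESSION = """\
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: YWxpY2U=
S: 334 UGFzc3dvcmQ6
C: czNjcjN0IQ==
S: 235 Authentication successful
C: AUTH PLAIN AGFsaWNlAHMzY3IzdCE=
S: 235 Authentication successful
"""

def b64(text):
    """Base64 is an encoding, not encryption: no key is needed to reverse it."""
    return base64.b64decode(text, validate=True).decode("utf-8", "replace")

def exposed_credentials(transcript):
    """Return (mechanism, username, password) for each AUTH exchange seen."""
    found = []
    pending = None  # answers collected so far for an in-progress AUTH LOGIN
    for line in transcript.splitlines():
        side, _, payload = line.partition(": ")
        words = payload.split()
        if side != "C" or not words:
            continue
        verb = [w.upper() for w in words[:2]]
        if pending is not None:
            if payload.strip() == "*":      # client cancelled the exchange
                pending = None
                continue
            pending.append(b64(words[0]))   # reply to a 334 challenge
            if len(pending) == 2:
                found.append(("LOGIN", pending[0], pending[1]))
                pending = None
        elif verb == ["AUTH", "LOGIN"]:
            # An optional initial response already carries the username.
            pending = [b64(words[2])] if len(words) > 2 else []
        elif verb == ["AUTH", "PLAIN"] and len(words) == 3:
            # PLAIN packs authzid NUL authcid NUL password into one blob.
            _authzid, user, password = b64(words[2]).split("\0")
            found.append(("PLAIN", user, password))
    return found

if __name__ == "__main__":
    print("334 challenges:", b64("VXNlcm5hbWU6"), b64("UGFzc3dvcmQ6"))
    for mech, user, password in exposed_credentials(SESSION):
        print(f"AUTH {mech}: user={user!r} password={password!r}")
```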
