Public bug reported: Binary package hint: mozilla-thunderbird
When starting Thunderbird the first time, the account wizard neither asks for nor provides by default any attempt to secure the password. SSL/TLS is off and so is "secure authentication" via CRAM-MD5 or such. So the password is sent in clear text at least once, as long as you don't interrupt the password dialog after finishing the wizard and turn on "secure authentication" manually. Thunderbird should use CRAM-MD5 per default, as long as it is accepted by the server. If it is not, Thunderbird should display a warning, that the password is sent in the clear. Testet with an IMAP-Box, don't know about POP3 or SMTP. ** Affects: thunderbird (Ubuntu) Importance: Undecided Status: Unconfirmed ** Visibility changed to: Public -- Weak default authentication mode https://bugs.launchpad.net/bugs/119358 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs