Public bug reported:
Binary package hint: mozilla-thunderbird
When starting Thunderbird the first time, the account wizard neither
asks for nor provides by default any attempt to secure the password.
SSL/TLS is off and so is "secure authentication" via CRAM-MD5 or such.
So the password is sent in clear text at least once, as long as you
don't interrupt the password dialog after finishing the wizard and turn
on "secure authentication" manually.
Thunderbird should use CRAM-MD5 per default, as long as it is accepted
by the server. If it is not, Thunderbird should display a warning, that
the password is sent in the clear.
Testet with an IMAP-Box, don't know about POP3 or SMTP.
** Affects: thunderbird (Ubuntu)
Importance: Undecided
Status: Unconfirmed
** Visibility changed to: Public
--
Weak default authentication mode
https://bugs.launchpad.net/bugs/119358
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
