I have seen many places saying "Don't use PLAIN or LOGIN methods for SMTP AUTH, unless they are encrypted" Now my question is this: I've looked at the actual transfer of an SMTP session where the AUTH LOGIN was used, and the password wasn't sent in plain-text. Is it trivial to decrypt the username and password that is sent across the wire, or is there some other vulnerability? -- Frank Barton Starwolf.biz Systems Administrator
msg10796/pgp00000.pgp
Description: PGP signature
