Closed
Bug 383841
Opened 17 years ago
Closed 16 years ago
Weak default authentication mode - using plain text passwords
Categories
(Thunderbird :: Preferences, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 221030
People
(Reporter: reisswolf_nospam, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20061201 Galeon/2.0.2 (Ubuntu package 2.0.2-4ubuntu1) Firefox/2.0.0.4 (Ubuntu-feisty) Build Identifier: Version 1.5.0.12 (20070604) Thunderbird uses plain text passwords by default, even if the server is capable of cram-md5 or some other secure mechanism. When starting TB for the first time, the account wizard doesn't even ask if one would like to use secure authentication. Therefore many unknowledgeable people use plain text passwords. Instead TB should turn 'secure authentication' on by default and maybe fall back to plain text, if necessary. Perhaps a warning should be issued, when passwords are going to be sent in the clear. Reproducible: Always Steps to Reproduce: 1. Install Thunderbird (or delete your user preferences) 2. Follow the account wizard 3. Enter your password as requested Actual Results: Password is sent in clear. Expected Results: Password should be sent by a secure mechanism, if the server allows it. Tested on Ubuntu Linux with an IMAP account on a Cyrus IMAP server.
Adding a "secure authentication" option is included in the account wizard redesign, as proposed in bug 221030. This is also related to bug 387421 for automatically probing the mail server capabilities during account setup.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•