Hi Everyone,
Getting this issue with PCI for: Remote Mail Service Accepting Unencrypted Credentials Detected (IMAP) basically:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE STARTTLS LOGINDISABLED] Dovecot ready.
Evidence:
~$ telnet xxx.xxx.xx.xxx 143
Trying xxx.xxx.xx.xxx...
Connected to xxx.xxx.xx.xxx.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ STARTTLS LOGINDISABLED] Dovecot ready.
A LOGIN USER PASS
* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed.
A NO [PRIVACYREQUIRED] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
We have "Require clients to connect via TLS" switched on in the Exim configuration, and we have also explained to the PCI vendor that we don't send CC details at all via email; it is only used for standard communication.
They are adamant that this needs to be fixed, and so far nothing I have read:
forums.cpanel.net (thread: "Disabling STARTTLS for IMAP services.")
has helped us fix this.
How can we prevent plaintext authentication on 143? I cannot find any clear information or, more importantly, steps on how to fix this. Can you help out here please?
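Added example for this thread (editor's code, not cPanel's or Dovecot's): a small probe that reproduces the scanner's check shown in the telnet evidence. It parses the greeting for STARTTLS and LOGINDISABLED, sends a plaintext LOGIN with throw-away credentials, and separates two facts the finding conflates: whether the server accepted the credentials (tagged OK) and whether the credentials were transmitted in the clear at all, which the quoted transcript shows happens even though Dovecot answers NO [PRIVACYREQUIRED]. Note that the evidence comes from Dovecot on port 143, so an Exim (SMTP) TLS setting has no effect on it. The sample transcript is constructed from the lines quoted in the post; the probe credentials, the tag "A" and the helper names are assumptions.

```python
"""IMAP plaintext-auth probe, modelled on the telnet evidence quoted above."""
import re
import socket

# Constructed sample: the greeting and LOGIN reply quoted in the post,
# split into the lines the server actually sends.
SAMPLE_GREETING = (
    "* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE "
    "NAMESPACE LITERAL+ STARTTLS LOGINDISABLED] Dovecot ready."
)
SAMPLE_LOGIN_REPLY = [
    "* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, "
    "but your client did it anyway. If anyone was listening, the password was exposed.",
    "A NO [PRIVACYREQUIRED] Plaintext authentication disallowed on "
    "non-secure (SSL/TLS) connections.",
]

CAP_RE = re.compile(r"\[CAPABILITY ([^\]]*)\]")
CODE_RE = re.compile(r"\[([^\]\s]+)")


def parse_capabilities(greeting):
    """Return the set of capability tokens advertised in the IMAP greeting."""
    m = CAP_RE.search(greeting)
    return set(m.group(1).split()) if m else set()


def tagged_status(tag, lines):
    """Find the tagged completion line ('A NO [CODE] text') and return
    (status, response_code); untagged '*' lines are ignored."""
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[0] == tag:
            code = None
            if len(parts) == 3:
                m = CODE_RE.match(parts[2])
                code = m.group(1) if m else None
            return parts[1].upper(), code
    return "NONE", None


def assess(greeting, login_reply, tag="A"):
    """Classify one plaintext LOGIN exchange the way a scanner would."""
    caps = parse_capabilities(greeting)
    status, code = tagged_status(tag, login_reply)
    if status == "OK":
        verdict = "plaintext LOGIN accepted: plaintext auth is enabled on this port"
    elif status in ("NO", "BAD"):
        verdict = ("plaintext LOGIN refused, but the credentials were still "
                   "sent in the clear before the refusal")
    else:
        verdict = "no tagged response: server closed or did not parse LOGIN"
    return {
        "starttls": "STARTTLS" in caps,
        "logindisabled": "LOGINDISABLED" in caps,  # RFC 3501: clients MUST NOT use LOGIN
        "login_status": status,
        "response_code": code,
        "credentials_accepted": status == "OK",
        # Any tagged answer means the LOGIN line (and the password) crossed the wire.
        "credentials_sent_in_clear": status in ("OK", "NO", "BAD"),
        "verdict": verdict,
    }


def probe(host, port=143, timeout=5.0, tag="A"):
    """Live version of the telnet test. Sends throw-away credentials
    (assumed: 'pciprobe' / 'not-a-real-password') in the clear, exactly as the
    evidence did, so only run it against a host you own."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb")
        greeting = rfile.readline().decode("utf-8", "replace").rstrip("\r\n")
        sock.sendall(f"{tag} LOGIN pciprobe not-a-real-password\r\n".encode())
        reply = []
        while True:
            line = rfile.readline().decode("utf-8", "replace").rstrip("\r\n")
            if not line:
                break
            reply.append(line)
            if line.startswith(tag + " "):  # tagged completion ends the command
                break
        try:
            sock.sendall(f"{tag}1 LOGOUT\r\n".encode())
        except OSError:
            pass
    return assess(greeting, reply, tag)


if __name__ == "__main__":
    for key, value in assess(SAMPLE_GREETING, SAMPLE_LOGIN_REPLY).items():
        print(f"{key}: {value}")
```

Run `probe("mail.example.com")` (hostname assumed) to test a live server. On the evidence in the post the result is `credentials_accepted: False` with `response_code: PRIVACYREQUIRED`, i.e. Dovecot is already refusing plaintext auth; what remains true, and what the scanner reports, is that a plaintext listener on 143 still receives the LOGIN line before refusing it.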