Plaintext credentials transmitted unencrypted

Discussion in 'Security' started by Citizen, Dec 11, 2012.

  1. Citizen

    Citizen Active Member

    I'm getting this warning on my security scan:

    It labels port 25 and 587 specifically.

    I checked in WHM and the setting "Allow Plaintext Authentication (from remote clients)" was already set to no. Is this a false positive or is there another step I need to take to secure this?
     
  2. Eric

    Eric Administrator
    Staff Member

    Howdy,

    It's easy to test and see which auth types your server allows.

    Code:
    eric@grimlock ~ $ telnet localhost 25
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220-grimlock.techfiles.org ESMTP Exim 4.80 #2 Sun, 16 Dec 2012 16:15:23 -0600 
    220-We do not authorize the use of this system to transport unsolicited, 
    220 and/or bulk e-mail.
    ehlo there
    250-grimlock.techfiles.org Hello localhost [::1]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
    
    Mine offers plain and login.
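The check from the telnet session above, scripted so it can be repeated on ports 25 and 587 after a configuration change. This is an added example, not part of either post and not cPanel code. It assumes the scan warning refers to AUTH PLAIN/LOGIN being advertised before STARTTLS; the names `parse_ehlo`, `assess` and `probe` are hypothetical.

```python
import re
import smtplib

# PLAIN and LOGIN only base64-encode the password; without TLS it is readable on the wire.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# EHLO reply copied from the telnet session in the post above.
PAGE_REPLY = """250-grimlock.techfiles.org Hello localhost [::1]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP"""

def parse_ehlo(text):
    """Return (auth_mechanisms, starttls_offered) from an EHLO reply.
    Accepts raw "250-" lines or the code-stripped text smtplib returns."""
    mechs, starttls = set(), False
    for line in text.splitlines():
        words = re.sub(r"^\s*250[- ]", "", line).upper().replace("=", " ").split()
        if words[:1] == ["AUTH"]:
            mechs.update(words[1:])
        elif words[:1] == ["STARTTLS"]:
            starttls = True
    return mechs, starttls

def assess(pre_tls, post_tls=None):
    """Classify a listener from its EHLO reply before and (optionally) after STARTTLS."""
    mechs, starttls = parse_ehlo(pre_tls)
    exposed = sorted(mechs & PLAINTEXT_MECHS)
    if exposed:
        return "FINDING: %s offered before STARTTLS" % ", ".join(exposed)
    if not starttls:
        return "NOTE: no plaintext AUTH offered, and no STARTTLS either"
    if post_tls is None:
        return "OK: no plaintext AUTH offered before STARTTLS"
    return "OK: AUTH only after STARTTLS (%s)" % ", ".join(sorted(parse_ehlo(post_tls)[0]))

def probe(host, port):
    """Live check (needs network): EHLO, STARTTLS if offered, EHLO again."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        pre = s.ehlo()[1].decode(errors="replace")
        post = None
        if s.has_extn("starttls"):
            s.starttls()  # smtplib's default context does not verify the cert; only capabilities are read
            post = s.ehlo()[1].decode(errors="replace")
        return assess(pre, post)

if __name__ == "__main__":
    print(assess(PAGE_REPLY))  # classifies the reply shown in the post
```

Run `probe("localhost", 25)` and `probe("localhost", 587)` on the server itself to compare both listeners.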
     
