Opened 15 years ago
Last modified 7 years ago
#93 new enhancement
Possibility to disable unsecured authentication
| Reported by: | Julien ÉLIE | Owned by: | eagle |
|---|---|---|---|
| Priority: | low | Milestone: | 2.6.x |
| Component: | nnrpd | Version: | |
| Severity: | minor | Keywords: | compliance |
| Cc: |
Description
AUTHINFO USER/PASS exposes the user's password to eavesdropping.
According to RFC 4643: "Any implementation of this command SHOULD be configurable to disable it whenever a strong encryption layer (such as that provided by [NNTP-TLS]) is not active, and this configuration SHOULD be the default. The server will use the 483 response code to indicate that the datastream is insufficiently secure for the command being attempted."
Change History (4)
comment:1 Changed 15 years ago by
| Keywords: | compliance added |
|---|
comment:2 Changed 14 years ago by
| Milestone: | → 2.6.0 |
|---|
comment:3 Changed 9 years ago by
| Milestone: | 2.6.0 → 2.6.1 |
|---|
comment:4 Changed 7 years ago by
| Milestone: | 2.6.1 → 2.6.x |
|---|
Note: See
TracTickets for help on using
tickets.
Milestone renamed