Opened 11 years ago

Last modified 3 years ago

#93 new enhancement

Possibility to disable unsecured authentication

Reported by: Julien ÉLIE
Owned by: eagle
Priority: low
Milestone: 2.6.x
Component: nnrpd
Version:
Severity: minor
Keywords: compliance
Cc:

Description

AUTHINFO USER/PASS exposes the user's password to eavesdropping.

According to RFC 4643: "Any implementation of this command SHOULD be configurable to disable it whenever a strong encryption layer (such as that provided by [NNTP-TLS]) is not active, and this configuration SHOULD be the default. The server will use the 483 response code to indicate that the datastream is insufficiently secure for the command being attempted."
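The behaviour requested above, sketched as an added example (not INN or nnrpd code): a handler that refuses AUTHINFO USER/PASS with 483 unless TLS is active or the administrator has opted in to cleartext. The `struct session` fields, `allow_cleartext` flag, `check_password` helper and sample credentials are hypothetical names and constructed values.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical session state; not nnrpd's real structures. */
struct session {
    bool tls_active;      /* strong encryption layer negotiated */
    bool allow_cleartext; /* admin opt-in; RFC 4643 wants "off" as default */
    bool user_seen;       /* AUTHINFO USER accepted, waiting for PASS */
    bool authenticated;
};

/* Constructed stand-in for a real authenticator. */
static bool check_password(const char *pass) {
    return strcmp(pass, "example-pass") == 0;
}

/* Return the NNTP response code for one AUTHINFO USER/PASS line. */
int authinfo_reply(struct session *s, const char *line) {
    bool is_user = strncasecmp(line, "AUTHINFO USER ", 14) == 0;
    bool is_pass = strncasecmp(line, "AUTHINFO PASS ", 14) == 0;

    if (!is_user && !is_pass)
        return 501;                 /* not a USER/PASS form handled here */
    if (s->authenticated)
        return 502;                 /* no AUTHINFO after success */
    /* Gate before touching credentials. Refusing at USER means a
     * conforming client never gets the 381 that prompts for PASS. */
    if (!s->tls_active && !s->allow_cleartext)
        return 483;                 /* datastream insufficiently secure */
    if (is_user) {
        s->user_seen = true;
        return 381;                 /* password required */
    }
    if (!s->user_seen)
        return 482;                 /* PASS out of sequence */
    s->user_seen = false;
    if (!check_password(line + 14))
        return 481;                 /* authentication failed */
    s->authenticated = true;
    return 281;                     /* authentication accepted */
}

int main(void) {
    struct session plain = { false, false, false, false };
    struct session tls = { true, false, false, false };
    printf("no TLS: %d\n", authinfo_reply(&plain, "AUTHINFO USER alice"));
    printf("TLS:    %d\n", authinfo_reply(&tls, "AUTHINFO USER alice"));
    return 0;
}
```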

Change History (4)

comment:1 Changed 11 years ago by Julien ÉLIE

Keywords: compliance added

comment:2 Changed 10 years ago by Julien ÉLIE

Milestone: 2.6.0

comment:3 Changed 5 years ago by Julien ÉLIE

Milestone: 2.6.0 → 2.6.1

comment:4 Changed 3 years ago by Julien ÉLIE

Milestone: 2.6.1 → 2.6.x

Milestone renamed
