[INN] #93: Possibility to disable unsecured authentication
INN
rra at stanford.edu
Mon Dec 15 22:05:37 UTC 2008
#93: Possibility to disable unsecured authentication
-------------------------+--------------------------------------------------
Reporter: iulius | Owner: eagle
Type: enhancement | Status: new
Priority: low | Milestone:
Component: nnrpd | Version:
Severity: minor | Keywords:
-------------------------+--------------------------------------------------
AUTHINFO USER/PASS exposes the user's password to eavesdropping.
According to RFC 4643: "Any implementation of this command SHOULD be
configurable to disable it whenever a strong encryption layer (such as
that provided by [NNTP-TLS]) is not active, and this configuration SHOULD
be the default. The server will use the 483 response code to indicate
that the datastream is insufficiently secure for the command being
attempted."
--
Ticket URL: <http://inn-new.eyrie.org/trac/ticket/93>
INN <http://www.eyrie.org/~eagle/software/inn/>
InterNetNews
More information about the inn-bugs
mailing list