[INN] #93: Possibility to disable unsecured authentication

INN rra at stanford.edu
Mon Dec 15 22:05:37 UTC 2008

#93: Possibility to disable unsecured authentication
 Reporter:  iulius       |       Owner:  eagle
     Type:  enhancement  |      Status:  new  
 Priority:  low          |   Milestone:       
Component:  nnrpd        |     Version:       
 Severity:  minor        |    Keywords:       
 AUTHINFO USER/PASS exposes the user's password to eavesdropping.

 According to RFC 4643:  "Any implementation of this command SHOULD be
 configurable to disable it whenever a strong encryption layer (such as
 that provided by [NNTP-TLS]) is not active, and this configuration SHOULD
 be the default.  The server will use the 483 response code to indicate
 that the datastream is insufficiently secure for the command being

Ticket URL: <http://inn-new.eyrie.org/trac/ticket/93>
INN <http://www.eyrie.org/~eagle/software/inn/>

More information about the inn-bugs mailing list