Wednesday, June 20, 2001, 2:00:11 PM, James Oakley wrote: JO> On June 19, 2001 11:01 pm, Steven Hatfield wrote:
I asked the same question and all I got was "because it sends usernames/passwords in cleartext". The same can be said for telnet, ftp, and pop3, which are all in that same configuration file w/o the gratuitous warning.
If anyone can expand on why imap is so insecure, please do.
JO> That is a big thing. Anybody can sniff out your username/password. JO> This is, of course, doubly-bad due to the fact that IMAP will let you access JO> files in your home directory. Sure, but the question still remains: Why is there the warning in inetd.conf about IMAP being insecure, but no warnings for telnet, ftp or pop3? ftp lets you access files in your home directory, and someone could do quite a bit of damage with telnet too. Olly