hi all,
i am new to this forum and not sure if this belongs here or on some Thunderbird forum.
Here it is :
while i was sniffing IP traffic (to watch the hackers, i have a lot of TCP port 445 attacks...) on my W98SE (yeah i know...) with Avast 4.5.523 (with mail protection active) & Thunderbird 0.9 (20041103), i got a fright: my IMAP login and password was going on the wire IN THE CLEAR!!!
for the ones familiar with IMAP:
with Thunderbird settings:
Server type: IMAP
Server Name: 127.0.0.1; port=143
User name: <login>#<IMAPserver>
* OK [CAPABILITY IMAP4REV1 X-NETSCAPE LOGIN-REFERRALS AUTH=LOGIN] (omitted IMAP blah blah)
1 LOGIN "<login>" "<password>"
1 OK [CAPABILITY IMAP4REV1 X-NETSCAPE NAMESPACE MAILBOX-REFERRALS SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND] User <login> authenticated
... (omitted IMAP conversation doing fine)
BUT with Thunderbird settings:
Server type: IMAP
Server Name: <IMAPserver>; port=143
User name: <login>
* OK [CAPABILITY IMAP4REV1 X-NETSCAPE LOGIN-REFERRALS AUTH=LOGIN] (omitted IMAP blah blah)
1 capability
* CAPABILITY IMAP4REV1 X-NETSCAPE NAMESPACE MAILBOX-REFERRALS SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND LOGIN-REFERRALS AUTH=LOGIN
1 OK CAPABILITY completed
2 authenticate login
+ VXNlciBOYW1lAA==
cGF1bEBwdXJqdXMubmV0
+ UGFzc3dvcmQA
TGFUZWI3Q3Vv
2 OK [CAPABILITY IMAP4REV1 X-NETSCAPE NAMESPACE MAILBOX-REFERRALS SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND] User <login> authenticated
... (omitted IMAP conversation doing fine)
case 1. the LOGIN command sends login and password in the clear
case 2. the AUTHENTICATE command "cyphers" the login password
Conclusion: Email scanning is working fine with AVAST4.5 BUT quite insecure with the first IMAP settings;
why is Thunderbird not doing the authenticate thing (scrambling login and password with MD5+base64)?
is it something to do with the localhost 127.0.0.1 address?
or is AVAST mail scanning intercepting something and stripping the authenticate command?
Anyone has a clue and/or experienced this?
For the time being i will stop using the mail protection from AVAST because my IMAP server does not have SSL on port 993 nor supports STARTTLS
I have not tried with POP3 which uses the same AUTHENTICATE mechanism i think (IMAP is so much nicer to use!)
Regards from Paris, France.