MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN

Daniel Parthey pada at posteo.de
Sat Dec 6 13:40:55 UTC 2014


Am 6. Dezember 2014 13:10:58 MEZ, schrieb Reindl Harald <h.reindl at thelounge.net>:
>
>Am 06.12.2014 um 06:56 schrieb Jan Wideł:
>> If you add disable_plaintext_auth=yes ssl=required settings, then
>> dovecot will drop authentication without STARTTLS. But damage will be
>> done, client will send unencrypted (or in this scenario MD5 or SHA512
>> hash) login/password
>
>no, damage will *not* be done
>
>STARTTLS happens in context of connect and *log before* any 
>authentication is tried the handshake between client/server fails

If the client is misconfigured to not strictly require STARTTLS, but to allow plaintext authentication too, and some man in the middle strips the STARTTLS capability from the server capability message, then the client will probably send its password login attempt in plaintext, without even trying to establish a STARTTLS session, because the server seemed to be incapable of STARTTLS.

So you might need to teach your users to enforce STARTTLS in their email client in order to mitigate MITM attacks.

Regards
Daniel



More information about the dovecot mailing list