Disable Plaintext Authentication

An XCCDF Rule

Details
Profiles
Prose

Description

To prevent Dovecot from attempting plaintext authentication of clients, edit /etc/dovecot/conf.d/10-auth.conf and add\or correct the following line:

disable_plaintext_auth = yes

Rationale

Using plain text authentication to the mail server could allow an attacker access to credentials by monitoring network traffic.

ID: xccdf_org.ssgproject.content_rule_dovecot_disable_plaintext_auth
Severity: Unknown
References: CCE-80299-1
Updated: about 1 year ago