Disable Plaintext Authentication
An XCCDF Rule
Description
To prevent Dovecot from attempting plaintext authentication of clients,
edit /etc/dovecot/conf.d/10-auth.conf
and add\or correct the
following line:
disable_plaintext_auth = yes
Rationale
Using plain text authentication to the mail server could allow an attacker access to credentials by monitoring network traffic.
- ID
- xccdf_org.ssgproject.content_rule_dovecot_disable_plaintext_auth
- Severity
- Unknown
- Updated