Skip to content

Disable Plaintext Authentication

An XCCDF Rule

Description

To prevent Dovecot from attempting plaintext authentication of clients, edit /etc/dovecot/conf.d/10-auth.conf and add\or correct the following line:

disable_plaintext_auth = yes

Rationale

Using plain text authentication to the mail server could allow an attacker access to credentials by monitoring network traffic.

ID
xccdf_org.ssgproject.content_rule_dovecot_disable_plaintext_auth
Severity
Unknown
Updated