View Single Post
Old 29th March 2007, 11:59
till till is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts

Maybe a additional sidenote. I see the problem that vogelor describes, but I wont call it a big security problem in general and it affects any unencrypted email communication on the net and alsmost all users use unencrypted FTP, so it makes no difference if the cleartext password is in a FTP or smtp communication stream. If you want to read the cleartext communication, you must do a man in the middle attack. So you must either hack the client or the gateway of the client. In this case you may install a keylogger on the client as well and dont have to listen to the streams. The next possibility is that the target server is hacked, but then I dont need the client password anymore. The remaining possibility is that some of the routers are hacked, which is possible but does it really happen that often? I guess the telcos have some good security guys.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from
Reply With Quote