From: Timo Sirainen Date: Fri, 16 May 2003 17:09:42 +0000 (+0300) Subject: If client tries to do LOGIN even if it's disabled, send [ALERT] to user. X-Git-Tag: 1.1.alpha1~4632 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=858ab3c731f91cc5bb0a1454fd8deb86b0271b52;p=thirdparty%2Fdovecot%2Fcore.git If client tries to do LOGIN even if it's disabled, send [ALERT] to user. --HG-- branch : HEAD --- diff --git a/src/imap-login/client-authenticate.c b/src/imap-login/client-authenticate.c index 3f1035ba9b..4eddbd1c2d 100644 --- a/src/imap-login/client-authenticate.c +++ b/src/imap-login/client-authenticate.c @@ -167,6 +167,10 @@ int cmd_login(struct imap_client *client, struct imap_arg *args) pass = IMAP_ARG_STR(&args[1]); if (!client->tls && disable_plaintext_auth) { + client_send_line(client, + "* BAD [ALERT] Plaintext authentication is disabled, " + "but your client sent password in plaintext anyway." + "If anyone was listening, the password was exposed."); client_send_tagline(client, "NO Plaintext authentication disabled."); return TRUE;