1
Chat - Clear text authentication
Problem reported by Nicolas Le Merle - October 20, 2014 at 1:43 AM
Resolved
Hi Guys,
 
Iv just upgraded to SM Enterprise and upon testing the chat feature iv noticed in the "XMPP Logs" its passing through usernames and password in clear text.
 
This seems rather concerning to me. Has anyone else noticed this and maybe have an explanation ?

Cheers,
Nic

4 Replies

Reply to Thread
0
Bruce Barnes Replied
October 20, 2014 at 9:31 AM
What version of SmarterMail are you running?  I believe this was addressed in SmarterMail version 12.X
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
1
Robert Emmett Replied
October 21, 2014 at 3:14 PM
Employee Post
Nicolas/Bruce, you are correct in that SmarterMail currently does not support TLS with the XMPP.  This is a known issue and is currently being addressed.  The TLS update to XMPP will be included in a future release.  To facilitate this issue, I am changing this thread from question to problem and setting it to "Being Fixed."
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
2
Matt Petty Replied
November 5, 2014 at 1:40 PM
Employee Post
With the release of Version 13 of SmarterMail we now have SASL authentication with digest methods to allow non-plaintext authentication. TLS/SSL support is added but is experimental.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Bruce Barnes Replied
November 5, 2014 at 1:52 PM
Thanks for the update, Matt -

Looking forward to checking this out and playing with the TLS portion of it.  
 
As an FYI, Microsoft is officially sunsetting all SSL on 1 December, 2014, per their announcement in Redmond Magazine:
 
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread