11-04-2013, 12:40 AM #1
MacMail New Account Connects to Server Without SSL Transmits Password in Plain Text
- Member Since
- Nov 04, 2013
I noticed that whenever you set up a new mail account that as soon as you enter the server and the account password, Mac Mail tries to connect to the mail server (i.e. where your email account is hosted). However this connection occurs before you can set the SSL option. So it looks like the initial connection transmits the mail account password as plain text.
It looks to me like all Apple devices (i.e. iPhones, iPads, Mac Computers) use basically the same process, and appear to be trying to make an initial connection to the mail server without using SSL.
This seems like a very insecure configuration. If this is in fact what is happening (and I don't see any evidence to the contrary) then this is a pretty major security flaw. It would mean that users of Mac Mail applications could easily have their passwords read by their ISPs or anyone else who had access to the line during that set up phase.
Any security experts care to comment.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
By camel77 in forum OS X - Operating SystemReplies: 1Last Post: 12-08-2009, 12:14 PM
By mattahula in forum Movies and VideoReplies: 10Last Post: 04-14-2009, 12:57 PM
By pstein in forum OS X - Apps and GamesReplies: 0Last Post: 04-09-2009, 09:20 AM
By LarryMac in forum OS X - Apps and GamesReplies: 3Last Post: 10-13-2008, 04:11 PM
By drh3010 in forum Switcher HangoutReplies: 7Last Post: 03-10-2008, 11:03 PM