[ https://issues.apache.org/jira/browse/SSHD-948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lyor Goldstein reassigned SSHD-948:
-----------------------------------

    Assignee: Lyor Goldstein

> Do not accept password authentication if the session is not encrypted
> ---------------------------------------------------------------------
>
>                 Key: SSHD-948
>                 URL: https://issues.apache.org/jira/browse/SSHD-948
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 2.3.0
>            Reporter: Lyor Goldstein
>            Assignee: Lyor Goldstein
>            Priority: Minor
>
> According to RFC4252 section 8:
> {quote}
> Both the server and the client should check whether the underlying
> transport layer provides confidentiality (i.e., if encryption is
> being used). If no confidentiality is provided ("none" cipher),
> password authentication SHOULD be disabled. If there is no
> confidentiality or no MAC, password change SHOULD be disabled.
> {quote}
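
The two RFC 4252 section 8 rules quoted in the issue, as an added example that is not MINA SSHD code or part of the original message. The class, the Direction holder type and the method names are hypothetical. Two points go beyond the quoted text and are assumptions of this sketch: both directions of the transport are checked, and AEAD ciphers are treated as integrity-protected even when the negotiated MAC name is "none".

```java
import java.util.Objects;
import java.util.Set;

public final class PasswordAuthPolicy {
    // AEAD ciphers carry their own integrity tag, so the negotiated MAC name is not used with them.
    private static final Set<String> AEAD = Set.of(
            "aes128-gcm@openssh.com", "aes256-gcm@openssh.com", "chacha20-poly1305@openssh.com");

    /** Algorithms negotiated for one direction of the transport (hypothetical holder type). */
    static final class Direction {
        final String cipher;
        final String mac;
        Direction(String cipher, String mac) {
            this.cipher = Objects.requireNonNull(cipher, "cipher");
            this.mac = Objects.requireNonNull(mac, "mac");
        }
        boolean confidential() { return !"none".equals(cipher); }
        boolean integrityProtected() { return AEAD.contains(cipher) || !"none".equals(mac); }
    }

    /** RFC 4252 section 8: no confidentiality ("none" cipher) means no password authentication. */
    static boolean passwordAuthAllowed(Direction c2s, Direction s2c) {
        return c2s.confidential() && s2c.confidential();
    }

    /** RFC 4252 section 8: no confidentiality or no MAC means no password change. */
    static boolean passwordChangeAllowed(Direction c2s, Direction s2c) {
        return passwordAuthAllowed(c2s, s2c) && c2s.integrityProtected() && s2c.integrityProtected();
    }

    public static void main(String[] args) {
        // Constructed negotiation results, not captured from a real session.
        Direction[][] cases = {
            { new Direction("aes128-ctr", "hmac-sha2-256"), new Direction("aes128-ctr", "hmac-sha2-256") },
            { new Direction("none", "hmac-sha2-256"), new Direction("none", "hmac-sha2-256") },
            { new Direction("aes128-ctr", "none"), new Direction("aes128-ctr", "none") },
            { new Direction("aes256-gcm@openssh.com", "none"), new Direction("aes256-gcm@openssh.com", "none") },
            { new Direction("aes128-ctr", "hmac-sha2-256"), new Direction("none", "hmac-sha2-256") },
        };
        for (Direction[] c : cases) {
            System.out.printf("c2s=%s/%s s2c=%s/%s -> password=%b change=%b%n",
                    c[0].cipher, c[0].mac, c[1].cipher, c[1].mac,
                    passwordAuthAllowed(c[0], c[1]), passwordChangeAllowed(c[0], c[1]));
        }
    }
}
```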