Which protocol is commonly cited as transmitting credentials in cleartext?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions, each question includes hints and explanations. Ace your exam!

Multiple Choice

Which protocol is commonly cited as transmitting credentials in cleartext?

Explanation:
Credentials traveling in the clear is a security pitfall, and FTP is the classic example. In the original FTP protocol, authentication happens over the control channel with the USER and PASS commands, and both the username and password are sent as plain ASCII without encryption. That means anyone sniffing network traffic can read the credentials directly. To avoid this, FTP should be replaced by secure variants like FTPS (FTP over TLS) or SFTP (SSH-based). While HTTP, SMTP, and IMAP can also send credentials without encryption if not secured (e.g., plain HTTP or unencrypted SMTP/IMAP), they’re not the standard teaching example the way FTP is, and in practice they’re often protected with TLS/SSL.

Credentials traveling in the clear is a security pitfall, and FTP is the classic example. In the original FTP protocol, authentication happens over the control channel with the USER and PASS commands, and both the username and password are sent as plain ASCII without encryption. That means anyone sniffing network traffic can read the credentials directly. To avoid this, FTP should be replaced by secure variants like FTPS (FTP over TLS) or SFTP (SSH-based). While HTTP, SMTP, and IMAP can also send credentials without encryption if not secured (e.g., plain HTTP or unencrypted SMTP/IMAP), they’re not the standard teaching example the way FTP is, and in practice they’re often protected with TLS/SSL.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy