Security risk of POP3 & IMAP protocols

Peter A. Friend octavian at corp.earthlink.net
Thu Feb 12 18:17:00 EST 2009


On Feb 12, 2009, at 2:49 PM, Jason Voorhees wrote:

> Hi people:
>
> A friend of mine is asking me about security risks of using IMAP &
> POP3 protocols. Why? Because a sales person told my friend that IMAP
> protocol is less secure than POP3 protocol. This assumption is not
> related to Cyrus IMAP, instead is related only to the protocols.
> I'm searching at Google something about POP3 & IMAP security but I'm
> not pretty sure about comments I can found in forums or other sites.
>
> Does anybody here know anything about security risk of these
> protocols? Is it true that one of them is less secure than the other
> one?
>

I suppose that depends on one's definition of "security". There are  
secure authentication mechanisms available for both protocols, and you  
can use TLS. The more complex an application is the more opportunity  
there is for programmers to make mistakes or not properly validate  
inputs. Since IMAP is vastly more complicated that POP in it's  
operation, one could argue that an IMAP implementation is more likely  
to have exploitable bugs.

Peter

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090212/f985bf96/attachment.html 


More information about the Info-cyrus mailing list