Comment 24 for bug 119358

Binary package hint: mozilla-thunderbird

When starting Thunderbird the first time, the account wizard neither asks for nor provides by default any attempt to secure the password. SSL/TLS is off and so is "secure authentication" via CRAM-MD5 or such. So the password is sent in clear text at least once, as long as you don't interrupt the password dialog after finishing the wizard and turn on "secure authentication" manually.

Thunderbird should use CRAM-MD5 per default, as long as it is accepted by the server. If it is not, Thunderbird should display a warning, that the password is sent in the clear.

Testet with an IMAP-Box, don't know about POP3 or SMTP.