Cleartext sensitive information transmission
- Passwords are sent in cleartext over the wire
- Malicious users can sniff passwords and use them to impersonate legitimate users
- Possible remedies
  - Digest-MD5: use special one-use tokens to ensure the user knows the password, without revealing the password
  - Any number of public-key solutions
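
The one-use-token remedy above, as an added example that is not part of the original page: the server issues a fresh nonce, the client answers with a keyed hash over it, and the server consumes the nonce so a sniffed answer cannot be replayed. This is a simplified sketch, not the actual Digest-MD5 message format, and it swaps MD5 for HMAC-SHA-256; `Server`, `derive_verifier`, `compute_response`, `client_response`, the realm and the credentials are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def derive_verifier(user, realm, password):
    # What the server stores instead of the password (password-equivalent).
    return hashlib.sha256(f"{user}:{realm}:{password}".encode()).digest()


def compute_response(verifier, nonce):
    # Proof of knowledge bound to this one nonce; the password never travels.
    return hmac.new(verifier, nonce.encode(), hashlib.sha256).hexdigest()


def client_response(user, realm, password, nonce):
    return compute_response(derive_verifier(user, realm, password), nonce)


class Server:
    def __init__(self, realm):
        self.realm = realm
        self.verifiers = {}   # user -> derived verifier
        self.pending = set()  # nonces issued and not yet consumed

    def register(self, user, password):
        self.verifiers[user] = derive_verifier(user, self.realm, password)

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, user, nonce, response):
        if nonce not in self.pending:
            return False              # unknown or already-used nonce: replay
        self.pending.discard(nonce)   # one use only, whatever the outcome
        verifier = self.verifiers.get(user)
        if verifier is None:
            return False
        return hmac.compare_digest(compute_response(verifier, nonce), response)


if __name__ == "__main__":
    srv = Server("example.test")               # constructed realm
    srv.register("alice", "correct horse")     # constructed credentials
    nonce = srv.challenge()
    resp = client_response("alice", "example.test", "correct horse", nonce)
    print("first use:", srv.verify("alice", nonce, resp))
    print("replayed: ", srv.verify("alice", nonce, resp))
```

A captured nonce and response still let an eavesdropper test password guesses offline, and the stored verifier is as sensitive as the password itself, so schemes of this kind are usually run inside an encrypted channel as well.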