IMAP SASL SASL AUTH DIGEST-MD5 SASL AUTH PLAIN SASL DOWNGRADE RFC2831 # Server-side AUTH DIGEST-MD5 PLAIN REPLY "AUTHENTICATE DIGEST-MD5" + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + REPLY %b64[%00user%00secret]b64% A003 OK AUTHENTICATE completed From: me@somewhere To: fake@nowhere body -- yours sincerely # Client-side imap !SSPI Debug crypto digest IMAP DIGEST-MD5 authentication with SASL downgrade 'imap://%HOSTIP:%IMAPPORT/%TESTNUMBER/;MAILINDEX=1' -u user:secret # Verify data after the test has been "shot" A001 CAPABILITY A002 AUTHENTICATE DIGEST-MD5 * A003 AUTHENTICATE PLAIN %b64[%00user%00secret]b64% A004 SELECT %TESTNUMBER A005 FETCH 1 BODY[] A006 LOGOUT