ALERT

Stop Ransomware Mid-Flight

Password Authentication Protocol (PAP)

Definition - What does Password Authentication Protocol (PAP) mean?

Password Authentication Protocol (PAP) is a simple user authentication protocol that does not encrypt the data and sends the password and username to the authentication server as plain text. PAP is very vulnerable to being read from the Point-to-Point Protocol (PPP) data packets exchanged between the authentication server and the user’s machine. This was primarily used when connecting to old Unix-based servers with no support for more advanced encryption protocols.

Techopedia explains Password Authentication Protocol (PAP)

When PAP is used, the username and password are sent into a remote access server as a single LCP package, instead of the server sending a login request prompt and then waiting for a reply from the user.

There are certain instances where PAPs are considered useful:

  1. When an installed software does not support CHAP or Challenge Handshake Authentication Protocol, a more secure authentication protocol

  2. When there exists incompatibility issues between varied vendor implementations of CHAP

  3. When there are certain events where a simple plaintext password should be available in order to simulate a login at a remote host

Share this: