This authentication protocol sends the client's password in the clear. It should be used only when needed for backwards compatibility, and only where the chances of eavesdropping is deemed acceptable, such as relatively isolated networks. Passwords sent to such servers should never be the same as passwords used for more secure servers.