Our Tenable scans have detected “XMPP Cleartext authentication” on my Openfire server (version 4.2.3) which is slated to replace my current Openfire v3.10.2 server soon. When it was detected on my current/old server, I was able to mitigate it by adding/editing the sasl.mechs server property to read: CRAM-MD5,DIGEST-MD5,ANONYMOUS,JIVE-SHAREDSECRET,GSSAPI,EXTERNAL. (removing PLAIN from the list) But when I try the same on my new/upcoming server, Spark fails to connect. But when I remove the sasl.mechs property, Spark connects fine. Unfortunately, I cannot remember if changing the sasl.mechs was the only thing I’d done or if I am missing additional steps. Any insights? Has anyone else had to deal with mitigating this issue?