The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.