Conquer the 2026 CISSP Challenge – Master Your InfoSec Skills with Confidence!

The primary security flaw of the Password Authentication Protocol (PAP) is that it exposes passwords in cleartext. When using PAP, the user's password is transmitted over the network without any encryption, making it vulnerable to interception. This lack of encryption means that if an attacker gains access to the network traffic, they can easily read the usernames and passwords being sent, leading to unauthorized access and potential data breaches.

In contrast, the other options highlight various features or requirements that do not directly relate to the main vulnerability of PAP. For example, two-factor authentication is not a characteristic of PAP; instead, it is a security enhancement that provides additional protection beyond just a password. Similarly, the use of encrypted tokens and compatibility with multiple protocols are features associated with more advanced authentication methods, which are designed to address the weaknesses found in PAP, including the cleartext transmission issue. Therefore, identifying that PAP transmits passwords in cleartext captures the essence of its security deficiency.