By default, the squirrelmail conf only allows plaintext, but you don’t have to enable that just because of your webmail users. To fix it, just do:
And set Server Settings > Update IMAP Settings > Authentication type > cram-md5. There are a bunch of other useful settings there that should be checked as well. This must be mentioned in the docs as well.