The network security assessment suggest to disable plain-text connection, may I know how to check openfire server allow plain text connection or not?
Which Openfire version? In the latest version it is in Admin Console > Server Settings > Client Connections > STARTTLS policy. You can set it to Required to only allow encrypted connections. That's for the clients. For Admin Console itself, you can edit openfire.xml and replace 9090 with -1 to disable plain text port 9090.