Intellipeer POP3 Server User Account Enumeration

medium Nessus Plugin ID 14829

Synopsis

The remote server is vulnerable to information disclosure.

Description

The remote POP3 server (probably Intellipeer POP3 Server) is vulnerable to an account enumeration issue.

If an attacker attempts to log in to the remote host with a bogus username, the server replies with one specific error message when the account does not exist and with a different message when the account exists.

An attacker may use this flaw to set up a brute-force attack against the remote server to obtain a list of valid user names and accounts.

Solution

Upgrade to Intellipeer POP3 server version 1.02 or later.

See Also

http://www.nettica.com/Downloads/Default.aspx

Plugin Details

Severity: Medium

ID: 14829

File Name: intellipeer_disclosure.nasl

Version: 1.16

Type: remote

Family: Misc.

Published: 9/27/2004

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/27/2004

Reference Information

CVE: CVE-2004-2150

BID: 11257