POP Password Changer (poppassd_pam) Arbitrary User Remote Password Modification

high Nessus Plugin ID 16139

Synopsis

Passwords can be changed on the remote POP server.

Description

The remote host is running POP Password Changer, a server for changing POP users' passwords.

According to its version number, the remote software is vulnerable to unauthorized access. An attacker exploiting this flaw will be able to change a user's password.

Solution

Ensure that you are running a patched or more recent version of this software.

Plugin Details

Severity: High

ID: 16139

File Name: poppasswd_unauthorized.nasl

Version: 1.12

Type: remote

Family: Misc.

Published: 1/12/2005

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/11/2005

Reference Information

BID: 12240