POP Password Changer (poppassd_pam) Arbitrary User Remote Password Modification

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

Passwords can be changed on the remote POP server.

Description :

The remote host is running POP Password Changer, a server to change
POP user's passwords.

According to the version number, the remote software is vulnerable
to an unauthorized access. An attacker, exploiting this flaw, will
be able to change user's password.

Solution :

Ensure that you are running a patched or more recent version of this software.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.5
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 16139 ()

Bugtraq ID: 12240

CVE ID: