POP Password Changer Unauthorized Password Change

medium Nessus Network Monitor Plugin ID 2518

Synopsis

The remote host is vulnerable to a flaw that allows for the bypassing of authentication

Description

The remote host is running POP Password Changer, a server used to change POP users' passwords, that is vulnerable to unauthorized access. An attacker exploiting this flaw will be able to change users' passwords.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 2518

Family: POP Server

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:C

Reference Information

BID: 12240