ShareMailPro POP3 Interface Error Message Account Enumeration

medium Nessus Plugin ID 11654

Synopsis

The remote server is vulnerable to information disclosure.

Description

The remote ShareMail server issues a special error message when a user attempts to log in using a nonexistent POP account.

An attacker may use this flaw to build a list of valid accounts by observing the error messages the server returns at authentication time.

Solution

None at this time.

Plugin Details

Severity: Medium

ID: 11654

File Name: sharemailpro_username_identification.nasl

Version: 1.12

Type: remote

Family: Misc.

Published: 5/27/2003

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7658