ShareMailPro POP3 Interface Error Message Account Enumeration

This script is Copyright (C) 2003-2011 Tenable Network Security, Inc.

Synopsis :

The remote server is vulnerable to information disclosure.

Description :

The remote ShareMail server issues a special error message
when a user attempts to log in using a nonexistent POP

An attacker may use this flaw to make a list of valid accounts
by looking at the error messages it receives at authentication

Solution :

None at this time.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 5.0
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 11654 ()

Bugtraq ID: 7658


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now