POP2 Cleartext Logins Permitted

low Nessus Plugin ID 15854

Synopsis

The remote POP2 daemon allows credentials to be transmitted in cleartext.

Description

The remote host is running a POP2 daemon that allows cleartext logins over unencrypted connections. An attacker can uncover login names and passwords by sniffing traffic to the POP2 daemon.

Solution

Encrypt traffic with SSL / TLS using stunnel.

Plugin Details

Severity: Low

ID: 15854

File Name: pop2_unencrypted_cleartext_logins.nasl

Version: Revision: 1.11

Type: remote

Family: Misc.

Published: 11/30/2004

Updated: 6/23/2015

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N