Synopsis
The remote POP2 daemon allows credentials to be transmitted in cleartext.
Description
The remote host is running a POP2 daemon that allows cleartext logins over unencrypted connections. An attacker can uncover login names and passwords by sniffing traffic to the POP2 daemon.
Solution
Encrypt traffic with SSL / TLS using stunnel.
Plugin Details
File Name: pop2_unencrypted_cleartext_logins.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N