This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Matthias Andree reports :
The POP3 standard, currently RFC-1939, has specified an optional,
MD5-based authentication scheme called 'APOP' which no longer should
be considered secure.
Additionally, fetchmail's POP3 client implementation has been
validating the APOP challenge too lightly and accepted random garbage
as a POP3 server's APOP challenge. This made it easier than necessary
for man-in-the-middle attackers to retrieve by several probing and
guessing the first three characters of the APOP secret, bringing brute
forcing the remaining characters well within reach.
See also :
Update the affected package.
Risk factor :
Low / CVSS Base Score : 2.6