vpopmail vchkpw USER/PASS Command Format String

Medium Nessus Plugin ID 10463


The remote web server has a PHP script that is affected by a denial of service vulnerability.


The remote vpopmail server is vulnerable to an input validation bug that could allow any user to crash the server by providing a specially crafted username.


Upgrade to vpopmail 4.8 or later.

Plugin Details

Severity: Medium

ID: 10463

File Name: vpop_input_validation.nasl

Version: $Revision: 1.21 $

Type: remote

Published: 2000/07/15

Modified: 2015/12/23

Dependencies: 10196, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Excluded KB Items: global_settings/supplied_logins_only

Vulnerability Publication Date: 2000/06/26

Reference Information

CVE: CVE-2000-0583

BID: 1418

OSVDB: 362