Netscape Messenging Server POP3 Error Message User Account Enumeration
Medium Nessus Plugin ID 10681
SynopsisThe remote POP server allows an attacker to determine whether a given username exists or not.
DescriptionThe remote POP server allows an attacker to obtain a list of valid logins on the remote host, thanks to a brute-force attack.
If the user connects to this port and issues the commands :
USER 'someusername' PASS 'whatever'
the user will then get a different response whether the account 'someusername' exists or not.
SolutionNone at this time.