ShareMailPro POP3 Interface Error Message Account Enumeration

Medium Nessus Plugin ID 11654


The remote server is vulnerable to information disclosure.


The remote ShareMail server issues a special error message when a user attempts to log in using a nonexistent POP account.

An attacker may use this flaw to make a list of valid accounts by looking at the error messages it receives at authentication time.


None at this time.

Plugin Details

Severity: Medium

ID: 11654

File Name: sharemailpro_username_identification.nasl

Version: $Revision: 1.10 $

Type: remote

Family: Misc.

Published: 2003/05/27

Modified: 2011/03/11

Dependencies: 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7658

OSVDB: 57631