ShareMailPro POP3 Interface Error Message Account Enumeration

medium Nessus Plugin ID 11654

Language:

Synopsis

The remote server is vulnerable to information disclosure.

Description

The remote ShareMail server issues a special error message when a user attempts to log in using a nonexistent POP account.

An attacker may use this flaw to make a list of valid accounts by looking at the error messages it receives at authentication time.

Solution

None at this time.

Plugin Details

Severity: Medium

ID: 11654

File Name: sharemailpro_username_identification.nasl

Version: 1.12

Type: remote

Family: Misc.

Published: 5/27/2003

Updated: 8/8/2018

Supported Sensors: Nessus

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7658

Detections

Analytics