Netscape Messenging Server User Account Enumeration
Medium Nessus Network Monitor Plugin ID 1788
SynopsisThe remote host may give an attacker information useful for future attacks.
DescriptionThe remote POP server allows an attacker to obtain a list of valid logins on the remote host via a brute force attack. If the user connects to this port and issues the commands : USER 'someusername' PASS 'whatever' a different response will be generated if the account 'someusername' exists or not.
SolutionNo solution is known at this time.