Intellipeer User Account Enumeration
Medium Nessus Network Monitor Plugin ID 2332
SynopsisThe remote host may give an attacker information useful for future attacks.
DescriptionThe remote host is running a POP3 service that allows a remote attacker to determine when a user account is valid. An attacker exploiting this flaw would only need to connect to the port repeatedly while sending different user names. The server will alert the attacker whenever a valid username is sent. This vulnerability is known to affect Intellipeer POP3 server (versions less than or equal to 1.0.1).
SolutionUpgrade or patch according to vendor recommendations.