POP Password Changer Unauthorized Password Change

Medium Nessus Network Monitor Plugin ID 2518

Synopsis

The remote host is vulnerable to a flaw that allows for the bypassing of authentication

Description

The remote host is running POP Password Changer, a server used to change POP users' passwords, that is vulnerable to unauthorized access. An attacker exploiting this flaw will be able to change users' passwords.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 2518

File Name: 2518.prm

Family: POP Server

Published: 2004/08/18

Modified: 2016/11/23

Dependencies: 3035

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:C

CVSSv3

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:U/RC:C

Reference Information

BID: 12240