POP Password Changer Unauthorized Password Change

Medium Nessus Network Monitor Plugin ID 2518

Synopsis

The remote host is vulnerable to a flaw that allows for the bypassing of authentication

Description

The remote host is running POP Password Changer, a server used to change POP users' passwords, that is vulnerable to unauthorized access. An attacker exploiting this flaw will be able to change users' passwords.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: Medium

ID: 2518

Family: POP Server

Published: 2004/08/18

Updated: 2019/03/06

Dependencies: 3035

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:C

CVSS v3.0

Base Score: 6.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:C

Reference Information

BID: 12240