Endymion MailMan Detection
Medium Nessus Network Monitor Plugin ID 2742
Synopsis
The remote host may give an attacker information useful for future attacks.

Description
The remote host is running the Endymion MailMan application. This application allows remote users to access their email via a web interface. Many flaws have been found in the mailman.cgi Perl script. In addition, the current features of Mailman allow it to be used as a remote attack tool. Because Mailman takes Username, Password, and Server as arguments for login, it can be used as a POP3 scanner and/or a brute-force password scanner. For example, an attacker could automate an attack against internal POP3 accounts simply by bouncing the attack through an instance of Mailman in the DMZ. An attacker without access to the internal network would still be able to brute-force valid accounts by using Mailman to identify internal POP3 servers and then bouncing the attack through Mailman.

Solution
Ensure that this application is authorized and properly protected.
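As an added example (not part of the plugin page or Tenable's own code), the script below runs the two abuse patterns described above over web-server access logs: one client probing many different Server values through mailman.cgi (POP3 scanning) and one client repeating logins for the same account (brute force). It assumes combined-format logs and the query parameter names user, pass and server; those names and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Combined-format access log: client IP, then the quoted request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*"')

# Constructed sample log (hypothetical hosts and parameter names, not from the plugin page).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:00:01 +0000] "GET /cgi-bin/mailman.cgi?user=alice&pass=a&server=mail1.internal HTTP/1.1" 200 512
10.0.0.5 - - [12/Mar/2024:10:00:02 +0000] "GET /cgi-bin/mailman.cgi?user=alice&pass=b&server=mail1.internal HTTP/1.1" 200 512
10.0.0.5 - - [12/Mar/2024:10:00:03 +0000] "GET /cgi-bin/mailman.cgi?user=alice&pass=c&server=mail1.internal HTTP/1.1" 200 512
10.0.0.5 - - [12/Mar/2024:10:00:04 +0000] "GET /cgi-bin/mailman.cgi?user=alice&pass=d&server=mail1.internal HTTP/1.1" 200 512
10.0.0.9 - - [12/Mar/2024:10:01:00 +0000] "GET /cgi-bin/mailman.cgi?user=x&pass=x&server=10.1.1.1 HTTP/1.1" 200 480
10.0.0.9 - - [12/Mar/2024:10:01:01 +0000] "GET /cgi-bin/mailman.cgi?user=x&pass=x&server=10.1.1.2 HTTP/1.1" 200 480
10.0.0.9 - - [12/Mar/2024:10:01:02 +0000] "GET /cgi-bin/mailman.cgi?user=x&pass=x&server=10.1.1.3 HTTP/1.1" 200 480
192.0.2.7 - - [12/Mar/2024:10:02:00 +0000] "GET /cgi-bin/mailman.cgi?user=bob&pass=q&server=mail1.internal HTTP/1.1" 200 2048
"""


def parse_mailman_requests(log_text):
    """Yield (client_ip, user, server) for every request that reaches mailman.cgi."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlparse(m.group("target"))
        if not url.path.endswith("/mailman.cgi"):
            continue
        q = parse_qs(url.query)  # the password value is deliberately never recorded
        yield m.group("ip"), q.get("user", [""])[0], q.get("server", [""])[0]


def find_relay_abuse(log_text, max_servers=2, max_attempts=3):
    """Return alerts for clients using mailman.cgi as a POP3 scanner or brute-force relay."""
    servers = defaultdict(set)   # client ip -> distinct Server values it logged in against
    attempts = defaultdict(int)  # (client ip, user, server) -> number of login attempts
    for ip, user, server in parse_mailman_requests(log_text):
        servers[ip].add(server)
        attempts[(ip, user, server)] += 1
    alerts = []
    for ip, seen in servers.items():
        if len(seen) > max_servers:               # one client, many mail servers: scanning
            alerts.append(("pop3_scan", ip, len(seen)))
    for (ip, user, server), n in attempts.items():
        if n > max_attempts:                      # one client, one account, many tries: brute force
            alerts.append(("brute_force", ip, f"{user}@{server}", n))
    return sorted(alerts, key=lambda a: (a[0], a[1]))


if __name__ == "__main__":
    for alert in find_relay_abuse(SAMPLE_LOG):
        print(alert)
```

The thresholds are illustrative; in practice they should be tuned per site, and the Server values seen in alerts also reveal which internal POP3 hosts the Mailman instance can reach.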