The remote host allows attackers to bypass user authentication.
The remote host is running SquirrelMail, a webmail system written in PHP. Versions of SquirrelMail prior to 1.4.4 are vulnerable to an email HTML injection vulnerability. A remote attacker can exploit this flaw to gain access to users' accounts.
Upgrade to SquirrelMail 1.4.4 or higher.