Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Endymion MailMan Detection

Medium

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running the Endymion MailMan application. This application allows remote users to access their email via a web interface. There have been many flaws found in the mailman.cgi perl script. In addition, the current features of Mailman allow it to be used as a remote attack tool. As Mailman takes Username, Password, and Server as arguments for login, it is possible to use Mailman as a POP3 scanner and/or brute-force password scanner. For example, an attacker could automate an attack against internal POP3 accounts by simply bouncing the attack through an instance of Mailman in the DMZ. An attacker without access to the internal network would still be able to brute-force valid accounts simply by using Mailman to identify internal POP3 servers and then bouncing the attack through Mailman.

Solution

Ensure that this application is authorized and properly protected.