| VID |
18076 |
| Severity |
20 |
| Port |
110 |
| Protocol |
TCP |
| Class |
POP3 |
| Detailed Description |
The Intellipeer pop3 server is vulnerable to a user account enumeration vulnerability. Nettica Corporation Intellipeer Email Server is an email server with a POP3 component for Microsoft Windows operating systems. Intellipeer Email Server versions 1.01 and earlier could allow a remote attacker to obtain valid user accounts. If a remote attacker attempts to log into the affected host by submitting a bogus user account, then the server will reply with a specific error message if the account is non-existant, while it will reply with another message if the account exists. An attacker could use this flaw to obtain a list of valid user accounts, and then use brute force techniques to find a valid password to gain access to the system.
* References:
http://secunia.com/advisories/12661/
http://www.securitytracker.com/alerts/2004/Sep/1011425.html
* Platforms Affected:
Nettica corp., Intellipeer Email Server versions 1.01 and earlier
Microsoft Windows Any version |
| Recommendation |
Update to the latest version of Intellipeer Email Server (1.02 or later), available from Intellipeer Download Web site at http://www.nettica.com/Downloads/Default.aspx |
| Related URL |
CVE-2004-2150 (CVE) |
| Related URL |
11257 (SecurityFocus) |
| Related URL |
17510 (ISS) |
|
