Summary
The remote server appears to be running a version of QPopper that is older than 4.0.6.
Versions older than 4.0.6 are vulnerable to a bug where remote attackers can enumerate valid usernames based on server responses during the authentication process.
Solution
None at this time
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)
- Apache /server-info accessible
- Apple iTunes Insecure Permissions Privilege Escalation Vulnerability (Mac OS X)
- CA Gateway Security Remote Code Execution Vulnerability
- Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability