POP3 Unencrypted Cleartext Logins Network Vulnerability

Summary

The remote host is running a POP3 daemon that allows cleartext logins over unencrypted connections. An attacker can uncover user names and passwords by sniffing traffic to the POP3 daemon if a less secure authentication mechanism (eg, USER command, AUTH PLAIN, AUTH LOGIN) is used.

Solution

Contact your vendor for a fix or encrypt traffic with SSL / TLS using stunnel.

References

http://www.ietf.org/rfc/rfc2222.txt
http://www.ietf.org/rfc/rfc2595.txt

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

CuteNews Version Detection for Windows
Amanda Index Server version
Becky Internet Mail Version Detection
IRC daemon identification
HTTP-Version Detection

Take action and discover your vulnerabilities