Summary
The remote host is running a POP3 daemon that allows cleartext logins over unencrypted connections. An attacker can uncover user names and passwords by sniffing traffic to the POP3 daemon if a less secure authentication mechanism (eg, USER command, AUTH PLAIN, AUTH LOGIN) is used.
Solution
Contact your vendor for a fix or encrypt traffic with SSL / TLS using stunnel.
References
Updated on 2015-03-25