Summary
The remote server appears to be running a version of QPopper that is older than 4.0.6.
Versions older than 4.0.6 are vulnerable to a bug where remote attackers can enumerate valid usernames based on server responses during the authentication process.
Solution
None at this time
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)
- Apache Error Log Escape Sequence Injection
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Windows)
- Adobe Reader Information Disclosure & Denial of Service Vulnerabilities (Windows)
- Apache Tomcat Multiple Vulnerabilities-01 (Nov14)