Vulnerabilities > CVE-2000-0960 - Unspecified vulnerability in Netscape Messaging Server 4.15

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
netscape
nessus
NVD
Published: 2000-12-19
Updated: 2017-10-10

Summary

The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.

Vulnerable Configurations

Part Description Count
Application
Netscape
3

Nessus

NASL familyMisc.
NASL idNETSCAPE_POP_AUTH.NASL
descriptionThe remote POP server allows an attacker to obtain a list of valid logins on the remote host, thanks to a brute-force attack. If the user connects to this port and issues the commands : USER
last seen2020-06-01
modified2020-06-02
plugin id10681
published2001-05-29
reporterThis script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10681
titleNetscape Messenging Server POP3 Error Message User Account Enumeration
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(10681);
 script_version ("1.23");
 script_cve_id("CVE-2000-0960");
 script_bugtraq_id(1787);

 script_name(english:"Netscape Messenging Server POP3 Error Message User Account Enumeration");

 script_set_attribute(attribute:"synopsis", value:
"The remote POP server allows an attacker to determine whether
a given username exists or not." );
 script_set_attribute(attribute:"description", value:
"The remote POP server allows an attacker to obtain a list
of valid logins on the remote host, thanks to a brute-force
attack.

If the user connects to this port and issues the commands :
USER 'someusername'
PASS 'whatever'

the user will then get a different response whether the account
'someusername' exists or not." );
 script_set_attribute(attribute:"solution", value:
"None at this time." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value: "2001/05/29");
 script_set_attribute(attribute:"vuln_publication_date", value: "2000/10/11");
 script_cvs_date("Date: 2018/07/17 12:00:07");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:netscape:messaging_server");
script_end_attributes();

 script_summary(english:"Checks the error messages issued by the pop3 server");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
 script_family(english:"Misc.");
 script_dependencie("find_service1.nasl");
 script_exclude_keys("global_settings/supplied_logins_only");
 script_require_ports("Services/pop3", 110);
 exit(0);
}

#
# The script code starts here
#

include("audit.inc");
include("global_settings.inc");
include("pop3_func.inc");

if (supplied_logins_only) audit(AUDIT_SUPPLIED_LOGINS_ONLY);

port = get_kb_item("Services/pop3");
if (!port) port = 110;
banner =  get_pop3_banner(port:port);
if ( ! banner || "Netscape Messaging Server" >!< banner ) exit(0);

if (get_port_state(port))
{
 soc = open_sock_tcp(port);

 if (soc)
 {
  r = recv_line(socket:soc, length:4096);
  if(r)
  {
   send(socket:soc, data:string("USER nessus", rand(), "\r\n"));
   r = recv_line(socket:soc, length:4096);
   send(socket:soc, data:string("PASS nessus", rand(), "\r\n"));
   r = recv_line(socket:soc, length:4096);
   close(soc);
   if(r && "User unknown" >< r)security_warning(port);
  }
 }
}

References