Vulnerabilities > CVE-2002-1416 - Information Disclosure vulnerability in WebEasyMail POP3 Server Valid User Name

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

webeasymail

NVD

Published: 2003-04-11

Updated: 2008-09-05

Summary

The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks.

Vulnerable Configurations

Part	Description	Count
Application	Webeasymail Webeasymail Webeasymail *	1

References

http://online.securityfocus.com/archive/1/288222
http://www.iss.net/security_center/static/9925.php
http://www.securityfocus.com/bid/5519