Vulnerabilities > CVE-2004-2150 - Information Exposure Through Discrepancy vulnerability in Nettica Intellipeer Email Server 1.01
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Misc. |
NASL id | INTELLIPEER_DISCLOSURE.NASL |
description | The remote POP3 server (probably intellipeer pop3 server) is vulnerable to an account enumeration issue. If an attacker attempts to log into the remote host by submitting a bogus username, then the server will reply with a specific error message if the account is nonexistent, while it will reply with another message if the account exists. An attacker may use this flaw to set up a brute-force attack against the remote server to obtain a list of valid user names and accounts. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14829 |
published | 2004-09-27 |
reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14829 |
title | Intellipeer POP3 Server User Account Enumeration |
code |
|