Vulnerability CVE-2000-1002

Vulnerability CVE-2000-1002

Published: 2000-12-11 Modified: 2012-02-12

Description:

POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	None	None

Affected software
Stalker -> Communigate pro

References:

http://www.securityfocus.com/archive/1/139523

http://www.securityfocus.com/bid/1792

https://exchange.xforce.ibmcloud.com/vulnerabilities/5363

Copyright 2024, cxsecurity.com