POP2 unencrypted cleartext logins 1.0
 
Plugin ID331
Plugin namePOP2 unencrypted cleartext logins
Plugin filenamePOP2 unencrypted cleartext logins.plugin
Plugin filesize2050 bytes
Plugin familySMTP
Plugin created nameMarc Ruef
Plugin created emailmarc.ruef at computec.ch
Plugin created webhttp://www.computec.ch
Plugin created companycomputec.ch
Plugin created date2005/01/09
Plugin version1.0
Plugin protocoltcp
Plugin port109
Plugin procedure detectionopen|sleep|close|pattern_not_exists POP
Plugin detection accuracy70
Plugin commentThe NASL script is Copyright (C) 2004 George A. Theall
Bug affectedPOP2 servers
Bug vulnerability classMissing Encryption
Bug descriptionThe remote host is running a POP2 daemon that allows cleartext logins over unencrypted connections. An attacker can uncover login names and passwords by sniffing traffic to the POP2 daemon.
Bug solutionEncrypt traffic with SSL / TLS using stunnel.
Bug fixing timeApprox. 1 hour
Bug exploit availabilityYes
Bug remoteYes
Bug localYes
Bug severityLow
Bug popularity3
Bug simplicity8
Bug impact8
Bug risk6
Bug Nessus riskLow
Bug check toolsNessus can check this flaw with the plugin 15854 (POP2 Unencrypted Cleartext Logins).
Source OSVDB ID3119
Source Nessus ID15854
Source LiteratureHacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427
Source Misc.http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.