Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WebEasyMail POP3服务合法用户名远程信息泄露漏洞
Vulnerability Description
Webeasymail是一款集合SMTP和POP3的服务程序。 Webeasymail的POP服务对用户是否存在的响应处理不正确,远程攻击者可以利用这个漏洞判断用户是否存在。 当用户访问Webeasymail的POP服务,提供不存在的用户名和密码,服务器将返回"-ERR invalid username"的信息,如果用户存在,但密码不正确,却返回"-ERR wrong password for this user",利用这些应答信息,可以通过暴力猜测系统用户名,导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A