| Vulnerability Name: | CCN-11543 |
| Published: | 2003-03-15 |
| Updated: | 2003-03-15 |
| Summary: | Qualcomm Qpopper could allow a remote attacker to determine Qpopper usernames. If a user attempts to connect to the mail server with a valid username and an invalid password, the mail server waits approximately 10 seconds before disconnecting. However, if a user attempts to connect with an invalid username and password, the mail server disconnects immediately after the authentication credentials are supplied. This difference in response time could allow a remote attacker to use brute force techniques to determine a valid username. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N) |
| Vulnerability Consequences: | Bypass Security |
| References: | Source: CCN, Type: BugTraq Mailing List, Sat Mar 15 2003 - 13:13:43 CST, "qpopper timing analysis on to determine if a username exists on a system"; Source: CCN, Type: BugTraq Mailing List, Wed Jun 18 2003 - 13:43:44 CDT, "Qpopper leaks information during authentication"; Source: CCN, Type: BugTraq Mailing List, Wed Jun 18 2003 - 15:09:15 CDT, "Re: ConnecTalk Security Advisory: Qpopper leaks information during authentication"; Source: CCN, Type: Qualcomm Web site, "Qpopper Home Page"; Source: CCN, Type: BID-7110, "Qpopper Username Information Disclosure Weakness"; Source: XF, Type: UNKNOWN, qpopper-username-bruteforce(11543) |
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |