Communigate email verification email harvesting
| communigate-email-verify (5363) |  Low Risk |
Description:
Stalker CommuniGate Pro could provide weaker than expected. Due to a vulnerability in the POP3 daemon, CommuniGate Pro version 3.3.2 allows a remote attacker to connect to the POP3 port and verify valid user accounts on the mail server. An attacker can use this to obtain all of the valid email addresses on the server for sending spam.
Platforms Affected:
- Stalker Software, CommuniGate Pro 3.3.2
Remedy:
This vulnerability has reportedly been fixed. Upgrade to the latest version of Stalker CommuniGate Pro, available from the Stalker Web site. See References.
Consequences:
Obtain Information
References:
- BugTraq Mailing List, Thu Oct 12 2000 - 14:43:47 CDT, Re: Netscape Messaging server 4.15 poor error strings at http://archives.neohapsis.com/archives/bugtraq/2000-10/0230.html.
- Stalker Web site, Stalker Software Inc. - Download Page at http://www.stalker.com/download/.
- BID-1792: CommuniGate Pro Email Address Verification Vulnerability
- CVE-2000-1002: POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.
Reported:
Oct 12, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net