{"api_version":"1","generated_at":"2026-04-24T05:51:34+00:00","cve":"CVE-2000-1002","urls":{"html":"https://cve.report/CVE-2000-1002","api":"https://cve.report/api/cve/CVE-2000-1002.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2000-1002","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2000-1002"},"summary":{"title":"CVE-2000-1002","description":"POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.","state":"PUBLISHED","assigner":"mitre","published_at":"2000-12-11 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/5363","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/5363","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/139523","name":"http://www.securityfocus.com/archive/1/139523","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/1792","name":"http://www.securityfocus.com/bid/1792","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"],"title":"CommuniGate Pro Email Address Verification Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2000-1002","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2000-1002","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2000","cve_id":"1002","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"stalker","cpe5":"communigate_pro","cpe6":"3.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T05:37:32.399Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"communigate-email-verify(5363)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/5363"},{"name":"1792","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/1792"},{"name":"20001012 Re: Netscape Messaging server 4.15 poor error strings","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/139523"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2000-10-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2005-11-02T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"communigate-email-verify(5363)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/5363"},{"name":"1792","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/1792"},{"name":"20001012 Re: Netscape Messaging server 4.15 poor error strings","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/139523"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2000-1002","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"communigate-email-verify(5363)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/5363"},{"name":"1792","refsource":"BID","url":"http://www.securityfocus.com/bid/1792"},{"name":"20001012 Re: Netscape Messaging server 4.15 poor error strings","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/139523"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2000-1002","datePublished":"2001-01-22T05:00:00.000Z","dateReserved":"2000-11-24T00:00:00.000Z","dateUpdated":"2024-08-08T05:37:32.399Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2000-12-11 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:stalker:communigate_pro:3.3.2:*:*:*:*:*:*:*","matchCriteriaId":"8E4802FD-52E5-4A8B-8AAB-4536A4A8AC4A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2000","CveId":"1002","Ordinal":"1","Title":"CVE-2000-1002","CVE":"CVE-2000-1002","Year":"2000"},"notes":[{"CveYear":"2000","CveId":"1002","Ordinal":"1","NoteData":"POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.","Type":"Description","Title":"CVE-2000-1002"},{"CveYear":"2000","CveId":"1002","Ordinal":"2","NoteData":"2001-01-22","Type":"Other","Title":"Published"},{"CveYear":"2000","CveId":"1002","Ordinal":"3","NoteData":"2005-11-02","Type":"Other","Title":"Modified"}]}}}