IBM iSeries AS400 POP3 Server Remote Information Disclosure Vulnerability
BID:13156
Info
IBM iSeries AS400 POP3 Server Remote Information Disclosure Vulnerability
| Bugtraq ID: | 13156 |
| Class: | Design Error |
| CVE: |
CVE-2005-1133 CVE-2005-1133 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2005 12:00AM |
| Updated: | Mar 19 2015 08:09AM |
| Credit: | Discovery of this issue is credited to "Shalom Carmel" <[email protected]>. |
| Vulnerable: |
IBM iSeries AS400 |
| Not Vulnerable: | |
Discussion
IBM iSeries AS400 POP3 Server Remote Information Disclosure Vulnerability
IBM iSeries AS400 computers are reported prone to a remote information disclosure vulnerability. The issue exists in the POP3 service that is installed and runs by default on affected computers.
During authentication when a username is supplied the affected service will reply with overly verbose status messages.
A remote attacker may employ these status messages to aid in the disclosure of valid usernames during brute force attacks. Information that is harvested in this manner may then be used to aid in further attacks.
IBM iSeries AS400 computers are reported prone to a remote information disclosure vulnerability. The issue exists in the POP3 service that is installed and runs by default on affected computers.
During authentication when a username is supplied the affected service will reply with overly verbose status messages.
A remote attacker may employ these status messages to aid in the disclosure of valid usernames during brute force attacks. Information that is harvested in this manner may then be used to aid in further attacks.
Exploit / POC
IBM iSeries AS400 POP3 Server Remote Information Disclosure Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
IBM iSeries AS400 POP3 Server Remote Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
IBM iSeries AS400 POP3 Server Remote Information Disclosure Vulnerability
References:
References:
- IBM Homepage (IBM)