POP3 Server Allows Plain Text Authentication

Discussion regarding the Standard version.
Post Reply
wagler
Posts: 1
Joined: Tue Feb 03, 2015 3:05 pm

POP3 Server Allows Plain Text Authentication

Post by wagler » Tue Feb 03, 2015 3:11 pm

We recently has a Qualys security scan ran against us and it resulted in the following error:
POP3 Server Allows Plain Text Authentication Vulnerability

---------------------------------
Threat:
Post Office Protocol version 3 (POP3) is an application layer internet standard protocol to retrieve e-mail from a remote server.
Use of the PASS command sends passwords in the clear over the network. Also, servers that answer -ERR to the User command are giving
potential attackers clues about which names are valid.

Solution:
POP3 supports several authentication methods to provide varying levels of protection.
----------------------------------

I would like to know how to correct this issue and/or whether or not I have to upgrade my version. I'm using Standard 1.87.

I found the following KB article and was wondering if this would solve the issue:
http://www.mailenable.com/kb/Content/Ar ... D=me020583

Thanks!

Post Reply