CVE-2001-1280
First published: Fri Oct 12 2001(Updated: )
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ipswitch IMail | =6.0.6 | |
| Ipswitch IMail | =6.0.2 | |
| Ipswitch IMail | =7.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1280?
CVE-2001-1280 has a medium severity level due to the potential for user enumeration by remote attackers.
How do I fix CVE-2001-1280?
To fix CVE-2001-1280, it is recommended to upgrade to a newer version of Ipswitch IMail that no longer exhibits this vulnerability.
What does CVE-2001-1280 vulnerability involve?
CVE-2001-1280 allows remote attackers to determine valid user names by analyzing the different responses generated by the POP3 server for valid and invalid attempts.
What versions of Ipswitch IMail are affected by CVE-2001-1280?
Ipswitch IMail versions 6.0.2, 6.0.6, and 7.0.4 are affected by CVE-2001-1280.
What type of attacks can CVE-2001-1280 facilitate?
CVE-2001-1280 can facilitate user enumeration attacks, allowing attackers to identify valid accounts on the server.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ipswitch
- canonical/ipswitch imail
- version/ipswitch imail/6.0.6
- version/ipswitch imail/6.0.2
- version/ipswitch imail/7.0.4