[15601] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

FTGate and POP3 protocol

daemon@ATHENA.MIT.EDU (Andrew Lewis)
Sun Jul 2 15:18:44 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.10.10007021523290.45406-100000@unix.za.net>
Date:         Sun, 2 Jul 2000 15:27:30 +0200
Reply-To: Andrew Lewis <wizdumb@UNIX.ZA.NET>
From: Andrew Lewis <wizdumb@UNIX.ZA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Yeah, it's official - it's a problem with the POP3 protocol rather than
with FTGate specifically. Other affected daemons are gnu-pop3d,
Post.Office, Sendmail for NT, Cubic's Circle for Unix, etc etc.

Although returning a -ERR code when an inalid username is given *is* RFC
compliant, and that there is the delay feature to slow-down bruteforcing,
it's still a fairly stupid idea. :/

Cheers,
Andrew Lewis / Wizdumb

wizdumb@leet.org
www.mdma.za.net/fk


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[15601] in bugtraq

FTGate and POP3 protocol

daemon@ATHENA.MIT.EDU (Andrew Lewis)Sun Jul 2 15:18:44 2000

daemon@ATHENA.MIT.EDU (Andrew Lewis)
Sun Jul 2 15:18:44 2000