VULHUB ™

An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small amount of time prior to disconnecting the client. If the username that is sent is invalid, Qpopper immediately disconnects the client. A determined attacker can exploit this weakness to gather a list of valid usernames on a vulnerable system using Qpopper.

An information disclosure weakness has been reported for Qpopper when authenticating. The weakness is due to the fact that if a valid username is sent with a bad password, Qpopper will wait a small amount of time prior to disconnecting the client. If the username that is sent is invalid, Qpopper immediately disconnects the client. A determined attacker can exploit this weakness to gather a list of valid usernames on a vulnerable system using Qpopper.