Bugtraq mailing list archives
FTGate and POP3 protocol
From: wizdumb () UNIX ZA NET (Andrew Lewis)
Date: Sun, 2 Jul 2000 15:27:30 +0200
Yeah, it's official - it's a problem with the POP3 protocol rather than with FTGate specifically. Other affected daemons are gnu-pop3d, Post.Office, Sendmail for NT, Cubic's Circle for Unix, etc etc. Although returning a -ERR code when an inalid username is given *is* RFC compliant, and that there is the delay feature to slow-down bruteforcing, it's still a fairly stupid idea. :/ Cheers, Andrew Lewis / Wizdumb wizdumb () leet org www.mdma.za.net/fk
Current thread:
- FTGate and POP3 protocol Andrew Lewis (Jul 02)
- Re: FTGate and POP3 protocol Roger Burton West (Jul 02)
- Re: FTGate and POP3 protocol Jeremy C. Reed (Jul 05)
- Patch for Flowerfire Sawmill Vulnerabilities Available Alfred Huger (Jul 06)