CVE-2006-0129

Name of the Vulnerable Software and Affected Versions: Rockliffe MailSite versions 7.0.3.1 and earlier

Description: The issue allows remote attackers to enumerate valid usernames by sending user requests to TCP port 106, as the Mail Management Agent generates different responses depending on whether a username is valid or not.

Recommendations: For versions 7.0.3.1 and earlier, consider restricting access to TCP port 106 to minimize the risk of exploitation. As a temporary workaround, limit the information disclosed in error messages to prevent username enumeration. At the moment, there is no information about a newer version that contains a fix for this vulnerability.