CVE-2000-0960

Name of the Vulnerable Software and Affected Versions Netscape Messaging Server version 4.15p1

Description The issue allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse by exploiting different error messages generated by the POP3 server for incorrect user names versus incorrect passwords.

Recommendations For Netscape Messaging Server version 4.15p1, consider modifying the POP3 server to return generic error messages for both incorrect user names and passwords to prevent user enumeration. As a temporary workaround, restrict access to the POP3 server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.