PT-2001-2213 · Red Hat · Qpopper

Published: 2001-08-31 · Updated: 2017-12-19 · CVE-2001-1068

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: qpopper version 4.01

Description: The issue allows remote attackers to determine valid usernames on the system, because the server generates a different error message when an invalid username is provided than when a valid one is. This occurs on Red Hat systems with qpopper 4.01 using PAM-based authentication.

Recommendations: For qpopper version 4.01, consider modifying the authentication mechanism to provide uniform error messages for both valid and invalid usernames, so that attackers cannot determine valid usernames.
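
The recommendation above, sketched as an added example (not qpopper's own code): a leaky reply routine beside a uniform one, plus a regression check that flags any reply function whose output differs between a known and an unknown username. The account table, the reply strings and backend_check (a stand-in for the PAM call) are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed accounts standing in for the PAM backend (assumption). */
struct account { const char *user; const char *pass; };
static const struct account ACCOUNTS[] = {
    { "alice", "correct-horse" }, { "bob", "s3cret" },
};
enum auth_result { AUTH_OK, AUTH_NO_SUCH_USER, AUTH_BAD_PASSWORD };

/* Hypothetical backend: reports why authentication failed. */
static enum auth_result backend_check(const char *user, const char *pass)
{
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (strcmp(ACCOUNTS[i].user, user) == 0)
            return strcmp(ACCOUNTS[i].pass, pass) == 0 ? AUTH_OK
                                                       : AUTH_BAD_PASSWORD;
    return AUTH_NO_SUCH_USER;
}

/* Leaky: the failure reason reaches the client (constructed message text). */
const char *reply_leaky(const char *user, const char *pass)
{
    switch (backend_check(user, pass)) {
    case AUTH_OK:           return "+OK mailbox ready\r\n";
    case AUTH_NO_SUCH_USER: return "-ERR unknown user\r\n";
    default:                return "-ERR bad password\r\n";
    }
}

/* Uniform: every failure maps to one reply; the reason stays server-side. */
const char *reply_uniform(const char *user, const char *pass)
{
    return backend_check(user, pass) == AUTH_OK ? "+OK mailbox ready\r\n"
                                                : "-ERR authentication failed\r\n";
}

/* Regression check: 1 if replies differ for a known vs. an unknown user. */
int reveals_usernames(const char *(*reply)(const char *, const char *))
{
    return strcmp(reply("alice", "wrong-pass"),
                  reply("no-such-user", "wrong-pass")) != 0;
}

int main(void)
{
    printf("leaky reveals: %d, uniform reveals: %d\n",
           reveals_usernames(reply_leaky), reveals_usernames(reply_uniform));
    return 0;
}
```

The check compares reply text only; response timing is a separate signal that it does not cover.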


Related Identifiers

CVE-2001-1068

Affected Products

Qpopper