PT-2002-3122 · Open Webmail · Open Webmail

Published 2002-12-31 · Updated 2008-09-05 · CVE-2002-2410

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Open WebMail versions 1.7 through 1.71

Description

The issue allows remote attackers to identify valid usernames via brute force attacks, because the application generates different responses depending on whether a user exists or not. It also reveals sensitive information in error messages, as well as certain configuration and version information.

Recommendations

For Open WebMail versions 1.7 through 1.71, consider modifying the error messages so that they do not disclose sensitive information, and implement measures to prevent brute force attacks, such as limiting the number of login attempts or introducing a delay between attempts.
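
The two recommended measures, sketched as an added example (this is not Open WebMail code, which is written in Perl): every failure path returns the same message, and failed attempts are limited per client and submitted username. The names `LoginGate` and `make_record`, the in-memory user store and the policy values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

GENERIC_ERROR = "Login failed."        # one message for every failure path
MAX_ATTEMPTS = 5                       # assumed policy: failures allowed ...
WINDOW_SECONDS = 300                   # ... per key within this window
ITERATIONS = 100_000

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password):
    """Build a (salt, hash) record for the constructed sample user store."""
    salt = os.urandom(16)
    return salt, _hash(password, salt)

class LoginGate:
    def __init__(self, users, clock=time.monotonic):
        self.users = users             # {username: (salt, hash)}
        self.clock = clock
        self.failures = {}             # (client, username) -> failure times
        self._dummy_salt = os.urandom(16)

    def _throttled(self, key):
        now = self.clock()
        recent = [t for t in self.failures.get(key, []) if now - t < WINDOW_SECONDS]
        self.failures[key] = recent
        return len(recent) >= MAX_ATTEMPTS

    def login(self, client, username, password):
        # Counter is keyed on the submitted name whether or not it exists,
        # so lockout behaviour does not reveal valid accounts either.
        key = (client, username)
        if self._throttled(key):
            return False, GENERIC_ERROR
        # Unknown users still cost one hash, keeping response time similar.
        salt, stored = self.users.get(username, (self._dummy_salt, None))
        candidate = _hash(password, salt)
        if stored is not None and hmac.compare_digest(candidate, stored):
            self.failures.pop(key, None)
            return True, "OK"
        self.failures[key].append(self.clock())
        return False, GENERIC_ERROR
```

A production version would also bound the size of the failure table, since its keys come from client-supplied usernames.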

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2002-2410

Affected Products

Open Webmail