CVE-2007-3729

Name of the Vulnerable Software and Affected Versions TCP/IP Services versions 5.6 for HP OpenVMS 8.3

Description The default configuration of the POP server generates different responses depending on whether or not a username is valid, allowing remote attackers to enumerate valid POP usernames.

Recommendations For TCP/IP Services version 5.6, consider reconfiguring the POP server to prevent differentiation in responses based on username validity until a patch is available. Restrict access to the POP server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.