Tenable Network Security

	Nessus
	Download
	Plugins
	Newest Plugins
	Obtain an activation code
	View all plugins
	Search
	Documentation
	Register
	Buy Now
	ProfessionalFeed Support
	Bugs
	All the Tenable Products

POP Password Changer (poppassd_pam) Arbitrary User Remote Password Modification

This script is Copyright (C) 2005-2010 Tenable Network Security, Inc.


Family	Misc.
Nessus Plugin ID	16139 (poppasswd_unauthorized.nasl)
Bugtraq ID	12240
CVE ID

Description:
Synopsis : Passwords can be changed on the remote POP server. Description : The remote host is running POP Password Changer, a server to change POP user's passwords. According to the version number, the remote software is vulnerable to an unauthorized access. An attacker, exploiting this flaw, will be able to change user's password. Solution : Ensure that you are running a patched or more recent version of this software. Risk factor : High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This is the web site for the Nessus Vulnerability Scanner from Tenable Network Security. If you are looking for the probabilistic analysis software from Southwest Research Institute, please visit www.nessus.swri.org

POP Password Changer (poppassd_pam) Arbitrary User Remote Password Modification