|Category:||Information Leak / Disclosure|
Published on 01/05/08 - Updated on 08/08/17
The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message.
CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.