Information Disclosure Vulnerability in TCP/IP Services for HP OpenVMS
CVE-2007-3729

Currently unrated

Key Information:

Vendor: HP
Status: Openvms
Vendor: CVE Published:; 12 July 2007

Summary

The default setup of the POP server within TCP/IP Services 5.6 for HP OpenVMS 8.3 enables attackers to discern valid POP usernames. It produces differing responses based on the validity of the username, allowing for systematic enumeration. Attackers can exploit this vulnerability to gather valid usernames, which may facilitate further attacks on the targeted systems.

References

http://osvdb.org/37809

vdb-entryx_refsource_OSVDB

http://groups.google.com/group/comp.os.vms/browse_thread/...

x_refsource_MISC

http://secunia.com/advisories/25882

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 12, 2007
Vulnerability Reserved
Jul 12, 2007