[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"vulnerability-23804":17,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":39},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},{"id":18,"detectable_with":19,"vuln_details":26,"vuln_id":36,"name":37,"published":38,"updated":38},23804,{"tool":20,"engine":23},{"id":21,"name":22},1,"Network Scanner",{"id":24,"name":25},5,"Version-based",{"id":18,"codename":27,"description":28,"severity":29,"risk_description":30,"public_description":31,"public_recommendation":32,"recommendation":33,"references":34,"cvssv3":27,"epss_score":27,"epss_percentile":27,"cve":27,"in_cisa_catalog":35,"date":27,"software_type":27,"vendor":27,"product":27,"ptt_exploit_capabilities":27},null,"We found that the Post Office Protocol (POP3) service is publicly accessible and doesn’t include STARTTLS capability. Email clients use the Post Office Protocol (POP) to download emails for user accounts. Some POP servers are initially set up to operate over an unsecured protocol. When email clients download email content through this plaintext protocol, it can pose a substantial risk to the organization's network, especially depending on which user account is set to receive the emails.","low","Exposing this service online can enable attackers to conduct man-in-the-middle attacks, thereby gaining access to sensitive user credentials and the contents of emails. Given that POP3 operates via a plaintext protocol, the entirety of the data exchanged between the client and server is left unencrypted. This critical information could then be leveraged in further attacks on the organization's network.","A publicly accessible Post Office Protocol (POP3) service that doesn’t include STARTTLS capability can pose significant security risks when exposed to the internet. Email clients use the Post Office Protocol (POP) to download emails for user accounts. Some POP servers are initially set up to operate over an unsecured protocol. When email clients download email content through this plaintext protocol, it can pose a substantial risk to the organization's network, especially depending on which user account is set to receive the emails.","Turn off POP3 access over the Internet and instead use a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). If the POP3 service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall. Furthermore, activating STARTTLS capability (switching the connection to a secure communication) or utilizing Secure POP3 (POP3S) is recommended, as this protocol employs encryption.","We recommend turning off POP3 access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). If the POP3 service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall. Furthermore, activating STARTTLS capability (switching the connection to a secure communication) or utilizing Secure POP3 (POP3S) is recommended, as this protocol employs encryption.",[],false,"NETSCAN-RECON-POP3-DETECT","POP3 service exposed to the Internet","2024-05-08T00:00:00Z",["Island",40],{"key":41,"params":42,"result":44},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":43},"{\"text-color\":\"gray\"}",{"head":45},{}]