WebEasyMail POP3 Server Valid User Name Information Disclosure Vulnerability

WebEasyMail POP3 Server Valid User Name Information Disclosure Vulnerability

An issue has been discovered in WebEasyMail's POP3 server which may make it easier for remote attackers to verify the existence of user accounts.

In particular, it is trivial for an attacker to determine if a username exists or not. When a user attempts to authenticate against the POP3 server using an username followed by a password, WebEasyMail returns error messages which distinguish between invalid user names and passwords.