Check Point Advisories

Security Best Practice: Protect Yourself from Multiple IMAP Vulnerabilities

Check Point Reference: SBP-2010-07
Date Published: 19 Jan 2010
Severity: Medium
Last Updated: Friday 01 January, 2010
Source: IPS Research Center
Protection Provided by:
Who is Vulnerable? IMAP Mail Servers
Vulnerability Description

The Internet Message Access Protocol (IMAP) is one of the two most prevalent Internet standard protocols for e-mail retrieval, the other being the Post Office Protocol (POP). Virtually all modern e-mail clients and mail servers support both protocols as a means of transferring e-mail messages from a server to a client.

There are several serious security limitations with the IMAP protocol that allow malicious attackers to compromise a remote server, gain full access rights or launch denial of service (DoS) attacks.

Vulnerability Details

IPS offers several preemptive protections against IMAP-related vulnerabilities:

Empty IMAP Username - According to RFC 3501, a username must be provided in the IMAP LOGIN command. Not providing a username might indicate an attempt to attack the server. By activating this protection, IPS can detect or prevent IMAP connections with login attempts which do not contain a user.

Empty IMAP Password - According to RFC 3501, a password must be provided in the IMAP LOGIN command. Not providing a password might indicate an attempt to attack the server or enter the IMAP account without permission. In addition, enforcing a non-empty IMAP password policy increases security. By activating this protection, IPS can detect or prevent IMAP connections with login attempts which do not contain a password.

IMAP STARTTLS Command - RFC 3501 defines how to use encrypted TLS sessions for IMAP. By activating this protection, IPS can detect or prevent IMAP connections which are encrypted.

Non Compliant IMAP - Unexpected characters used in IMAP connections might indicate an attempt to attack the mail server. Such a protocol violation is a declaration of the wrong size for IMAP literal arguments, as defined in RFC 3501. By activating this protection, IPS can detect or prevent IMAP connections which cannot be inspected because they violate the IMAP protocol.
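
A minimal sketch of the four checks described above, run over a constructed client-to-server IMAP byte stream. This is an added example, not Check Point's IPS implementation; the names `read_command` and `inspect`, the finding strings and the sample data are assumptions made for illustration.

```python
import re

LITERAL = re.compile(rb"\{(\d+)\+?\}$")            # {n} or {n+} ending a line
TOKEN = re.compile(rb'"((?:\\.|[^"\\])*)"|(\S+)')  # quoted string or atom

def read_command(buf, pos):
    """Parse one client command at pos -> (tokens, next_pos, violation)."""
    tokens = []
    while True:
        end = buf.find(b"\r\n", pos)
        if end < 0:
            return tokens, len(buf), "command not terminated by CRLF"
        line = buf[pos:end]
        lit = LITERAL.search(line)
        for m in TOKEN.finditer(line[:lit.start()] if lit else line):
            tokens.append(m.group(1) if m.group(1) is not None else m.group(2))
        pos = end + 2
        if not lit:
            return tokens, pos, None
        size = int(lit.group(1))           # octet count the client declared
        tokens.append(buf[pos:pos + size])
        pos += size
        if buf[pos:pos + 1] not in (b" ", b"\r"):  # literal must end at SP or CRLF
            return tokens, len(buf), "declared literal size does not match data"

def inspect(stream):
    """Return (tag, finding) pairs for one client-to-server byte stream."""
    findings, pos = [], 0
    while pos < len(stream):
        tokens, pos, violation = read_command(stream, pos)
        tag = tokens[0].decode("ascii", "replace") if tokens else "?"
        verb = tokens[1].upper() if len(tokens) > 1 else b""
        if violation:
            findings.append((tag, "non-compliant IMAP: " + violation))
            break  # framing is lost, nothing after this can be inspected
        if verb == b"LOGIN":
            args = tokens[2:4] + [b"", b""]  # pad so missing arguments read as empty
            if not args[0]:
                findings.append((tag, "empty IMAP username"))
            if not args[1]:
                findings.append((tag, "empty IMAP password"))
        elif verb == b"STARTTLS":
            findings.append((tag, "STARTTLS requested"))
            break  # what follows is a TLS handshake, not IMAP text
    return findings

# Constructed sample: empty username, empty password, then a literal declared too short
SAMPLE = b'a1 LOGIN "" secret\r\na2 LOGIN alice ""\r\na3 LOGIN {3}\r\nalice secret\r\n'
if __name__ == "__main__":
    print(inspect(SAMPLE))
```
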

Protection Overview
