Multiple Mail Server EXPN/VRFY Information Disclosure

medium Nessus Plugin ID 10249

Synopsis

It is possible to enumerate the names of valid users on the remote host.

Description

The remote SMTP server answers to the EXPN and/or VRFY commands.

The EXPN command can be used to find the delivery address of mail aliases, or even the full name of the recipients, and the VRFY command may be used to check the validity of an account.

Your mailer should not allow remote users to use any of these commands, because it gives them too much information.

Solution

If you are using Sendmail, add the option :

O PrivacyOptions=goaway

in /etc/sendmail.cf.

Plugin Details

Severity: Medium

ID: 10249

File Name: sendmail_expn.nasl

Version: 1.59

Type: remote

Published: 6/22/1999

Updated: 8/13/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/1/1982

Exploitable With

Metasploit (SMTP User Enumeration Utility)