Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » security issues in 6.0.10
  •  
xstation108

Messages: 2
Karma: 0
Send a private message to this user
Hello

If I am lucky then Kerio might listen as in all other releases
they did not

Security Holes.

POP3

pop3 server
the script displays the information provided by pop3 server
this info could help an attacker choose the best attack vector
for the server

IMAP4

server banner provides info that might help an attacker



xstation108





  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Hello,

appartently you didn't read the manual carefully. There is an option in Advaced Settings/Miscellaneous called 'Show program name and version in network communication' which will disable displaying of product name and version in IMAP, POP3 etc.

http://www.kerio.com/manual/kms/en/ch07s09.html

So there is no security hole unless you wrongly configure KMS.

[Updated on: Sun, 22 May 2005 19:22]

Previous Topic: Local Outlook Rules
Next Topic: 6.1 Beta in production.
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 08:39:28 CET 2017

Total time taken to generate the page: 0.00347 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.