Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks.

ShadowServer researchers reported that around 3.3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks.

POP3 (Post Office Protocol 3) and IMAP (Internet Message Access Protocol) are two protocols used to retrieve and manage emails from mail servers.

With POP3, emails are downloaded to the local device and often deleted from the server. With IMAP, emails remain on the server, with synchronized access across devices.

TLS (Transport Layer Security) is a cryptographic protocol designed to provide secure communication over a computer network. It is widely used to secure data transmitted over the internet, such as emails, web browsing, instant messaging, and file transfers.

ShadowServer scanned the internet for hosts running a POP3 service on port 110/TCP or 995/TCP without TLS support. Without TLS, passwords for mail access could be intercepted on the network, and exposed services may allow password-guessing attacks against the server.

“This means that passwords used for mail access may be intercepted. Additionally, service exposure may enable password guessing attacks against the server,” reads the post published by ShadowServer. “If you receive this report from us, please enable TLS support for POP3 as well as consider whether the service needs to be enabled at all or moved behind a VPN.”
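Operators can check their own server for the condition ShadowServer reports. The following is an added example, not code from the original article or from ShadowServer: it reads the capabilities advertised on the cleartext POP3 and IMAP listeners and flags a missing STLS/STARTTLS upgrade. The function names, the constructed sample capability sets and the IMAP port 143/TCP are assumptions that do not appear in the article.

```python
import imaplib
import poplib

def pop3_findings(capa):
    """capa: dict from poplib.POP3.capa(), e.g. {'STLS': [], 'SASL': ['PLAIN']}."""
    caps = {name.upper(): [a.upper() for a in args] for name, args in capa.items()}
    if "STLS" not in caps:
        return ["POP3: no STLS, the session on 110/TCP cannot be upgraded to TLS"]
    cleartext = "USER" in caps or {"PLAIN", "LOGIN"} & set(caps.get("SASL", []))
    if cleartext:
        return ["POP3: STLS offered, but password login is advertised before TLS"]
    return []

def imap_findings(capabilities):
    """capabilities: tuple from imaplib.IMAP4.capabilities."""
    caps = {c.upper() for c in capabilities}
    if "STARTTLS" not in caps:
        return ["IMAP: no STARTTLS, the cleartext session cannot be upgraded to TLS"]
    if "LOGINDISABLED" not in caps:
        return ["IMAP: STARTTLS offered, but LOGINDISABLED is not advertised before TLS"]
    return []

def audit_host(host, timeout=10):
    """Query the cleartext listeners of a mail server you operate."""
    findings = []
    pop = poplib.POP3(host, 110, timeout=timeout)
    try:
        findings += pop3_findings(pop.capa())
    except poplib.error_proto:          # server rejected CAPA: nothing advertised
        findings += pop3_findings({})
    finally:
        pop.quit()
    imap = imaplib.IMAP4(host, 143, timeout=timeout)  # 143/TCP: standard IMAP port
    try:
        findings += imap_findings(imap.capabilities)
    finally:
        imap.logout()
    return findings

# Constructed capability sets, not taken from any real server.
WEAK_POP3 = {"USER": [], "UIDL": [], "SASL": ["PLAIN", "LOGIN"]}
HARDENED_POP3 = {"STLS": [], "UIDL": [], "TOP": []}
WEAK_IMAP = ("IMAP4REV1", "AUTH=PLAIN", "IDLE")
HARDENED_IMAP = ("IMAP4REV1", "STARTTLS", "LOGINDISABLED")

if __name__ == "__main__":
    for caps in (WEAK_POP3, HARDENED_POP3):
        print(pop3_findings(caps) or "POP3: ok")
    for caps in (WEAK_IMAP, HARDENED_IMAP):
        print(imap_findings(caps) or "IMAP: ok")
```

An empty result from `audit_host` only means the cleartext listeners advertise a TLS upgrade and hide password login until it happens; it does not validate the certificate or the TLS configuration itself.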

Most of the hosts running POP3/IMAP services without TLS enabled are in the United States, followed by Germany and Poland.

“Note that regardless whether TLS is enabled or not service exposure may enable password guessing attacks against the server,” reported ShadowServer.

Pierluigi Paganini

(SecurityAffairs – hacking, POP3)