HIGH: Vulnerable IMAP Report

NOTE: REPORT CURRENTLY SUSPENDED DUE TO FALSE POSITIVES

DESCRIPTION LAST UPDATED: 2025-01-06

DEFAULT SECURITY LEVEL: HIGH

This report identifies hosts that have an IMAP service running on port 143/TCP or 993/TCP without TLS support.

This means that passwords used for mail access may be intercepted. Additionally, service exposure may enable password guessing attacks against the server.

If you receive this report from us, please enable TLS support for IMAP and consider whether the service needs to be enabled at all or should be moved behind a VPN.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report has an IPv4 and IPv6 version.

Filename(s): scan_imap_vulnerable, scan6_imap_vulnerable

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • port
    Port that the SSL response came from
  • hostname
    Reverse DNS name of the device in question. Note: if no reverse DNS entry is found, this is taken from the subject_common_name when it resembles a domain
  • tag
    Report tags (imap)
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • sector
    Sector information of the IP in question, e.g. "Retail Trade", "Communications, Service Provider, and Hosting Service"
  • banner
    IMAP banner
  • handshake
    The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
  • cipher_suite
    The highest CipherSuite that was able to be negotiated
  • cert_length
    Certificate Key Length (1024 bit, 2048 bit, etc)
  • subject_common_name
    The Common Name (CN) of the SSL certificate
  • issuer_common_name
    The Common Name of the entity that signed the SSL certificate
  • cert_issue_date
    Date when the SSL certificate became valid
  • cert_expiration_date
    Date when the SSL certificate expires
  • sha1_fingerprint
    SHA1 fingerprint of certificate
  • cert_serial_number
    Certificate serial number
  • ssl_version
    SSL/TLS version
  • signature_algorithm
    Signature algorithm used
  • key_algorithm
    Key algorithm used
  • subject_organization_name
    The subject organization name (ON) of the certificate
  • subject_organization_unit_name
    The organization unit name of the subject of the certificate
  • subject_country
    The country of the subject of the certificate
  • subject_state_or_province_name
    The state or province name of the subject of the certificate
  • subject_locality_name
    The locality name of the subject of the certificate
  • subject_street_address
    The street address of the subject of the certificate
  • subject_postal_code
    The postal code of the subject of the certificate
  • subject_surname
    The surname of the subject of the certificate
  • subject_given_name
    The given name of the subject of the certificate
  • subject_email_address
    The e-mail address of the subject of the certificate
  • subject_business_category
    The business category of the subject of the certificate
  • subject_serial_number
    Serial number of the subject of the certificate
  • issuer_organization_name
    Issuing organization name
  • issuer_organization_unit_name
    Issuing organization unit name
  • issuer_country
    Country of issuer
  • issuer_state_or_province_name
    State or province of issuer
  • issuer_locality_name
    Locality of issuer
  • issuer_street_address
    Street address of issuer
  • issuer_postal_code
    Postal code of issuer
  • issuer_surname
    Surname of issuer
  • issuer_given_name
    Given name of issuer
  • issuer_email_address
    Email address of issuer
  • issuer_business_category
    Business category of issuer
  • issuer_serial_number
    Serial number of issuer
  • sha256_fingerprint
    SHA256 fingerprint of certificate
  • sha512_fingerprint
    SHA512 fingerprint of the certificate
  • md5_fingerprint
    MD5 fingerprint of certificate

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","sector","banner","cert_expiration_date","cert_expired","cert_issue_date","cert_length","cert_serial_number","cert_valid","cipher_suite","handshake","issuer_business_category","issuer_common_name","issuer_country","issuer_email_address","issuer_given_name","issuer_locality_name","issuer_organization_name","issuer_organization_unit_name","issuer_postal_code","issuer_serial_number","issuer_state_or_province_name","issuer_street_address","issuer_surname","jarm","key_algorithm","md5_fingerprint","self_signed","sha1_fingerprint","sha256_fingerprint","sha512_fingerprint","signature_algorithm","ssl_version","sslv3_supported","subject_business_category","subject_common_name","subject_country","subject_email_address","subject_given_name","subject_locality_name","subject_organization_name","subject_organization_unit_name","subject_postal_code","subject_serial_number","subject_state_or_province_name","subject_street_address","subject_surname","validation_level"
"2010-02-10 00:00:00",info,192.168.0.1,tcp,993,node01.example.com,imaps,64512,ZZ,Region,City,0,ptr,,"* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN SASL-IR] example.com Cyrus IMAP v2.4.17-Fedora-RPM-2.4.17-15.el7 server ready|","2021-11-12 11:18:27",Y,"2012-11-14 11:18:27",2048,B3F13DFBDBA2D8B2,N,TLS_AES_256_GCM_SHA384,TLSv1.2,,example.com,,,,,,,,,,,,,rsaEncryption,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,Y,03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,sha256WithRSAEncryption,2,,,example.com,ZZ,,,,,,,,,,,unknown
"2010-02-10 00:00:01",info,192.168.0.2,tcp,993,node02.example.com,imaps,64512,ZZ,Region,City,0,ptr,,"* OK tauromar.com IMAP4rev1 Mailtraq (2.17.7.3516) ready|","2021-11-12 11:18:27",Y,"2012-11-14 11:18:27",2048,B3F13DFBDBA2D8B2,N,TLS_AES_256_GCM_SHA384,TLSv1.0,,example.com,,,,,,,,,,,,,rsaEncryption,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,N,03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,sha256WithRSAEncryption,2,,,example.com,ZZ,,,,,,,,,,,DV
"2010-02-10 00:00:02",info,192.168.0.3,tcp,993,node03.example.com,imap,64512,ZZ,Region,City,0,ptr,,"* OK IMAP4rev1 server ready at 01/05/25 06:41:39|","2021-11-12 11:18:27",Y,"2012-11-14 11:18:27",2048,B3F13DFBDBA2D8B2,N,TLS_AES_256_GCM_SHA384,,,example.com,,,,,,,,,,,,,rsaEncryption,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,,03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,,,,,example.com,ZZ,,,,,,,,,,,
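
Because the report is prone to false positives, recipients may want to triage rows before acting on them. The following is an added example, not code from the report's publisher: it reads the report's CSV by column name and lists follow-up reasons per IP from the handshake, cert_expired and banner fields. The sample rows are constructed, and treating an empty handshake as "no TLS negotiated" is an assumption.

```python
import csv
import io
import re

# Constructed sample rows using a subset of the report's columns.
SAMPLE = '''"timestamp","ip","port","tag","banner","handshake","cert_expired"
"2025-01-06 00:00:00",192.0.2.10,143,imap,"* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN SASL-IR] ready|",,
"2025-01-06 00:00:01",192.0.2.11,143,imap,"* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready|",,
"2025-01-06 00:00:02",192.0.2.12,993,imaps,"* OK IMAP4rev1 server ready|",TLSv1.0,Y
'''

DEPRECATED = {"SSLv3", "TLSv1.0", "TLSv1.1"}
CAPABILITY = re.compile(r"\[CAPABILITY ([^\]]*)\]")


def findings(row):
    """Return the reasons a report row needs follow-up."""
    out = []
    handshake = (row.get("handshake") or "").strip()
    # Assumption: an empty handshake means the probe negotiated no TLS.
    if not handshake:
        out.append("no TLS handshake recorded")
    elif handshake in DEPRECATED:
        out.append("deprecated protocol " + handshake)
    if (row.get("cert_expired") or "").strip() == "Y":
        out.append("certificate expired")
    match = CAPABILITY.search(row.get("banner") or "")
    if match and not handshake:
        # Only greetings that carry a capability list can be checked.
        caps = {c.upper() for c in match.group(1).split()}
        if "STARTTLS" in caps:
            out.append("STARTTLS advertised, verify manually")
        else:
            out.append("STARTTLS not advertised")
        if "AUTH=PLAIN" in caps:
            out.append("AUTH=PLAIN offered before TLS")
        if "LOGINDISABLED" not in caps:
            out.append("LOGIN not disabled before TLS")
    return out


def triage(report_text):
    """Map each reported IP to its list of findings."""
    reader = csv.DictReader(io.StringIO(report_text))
    return {row["ip"]: findings(row) for row in reader}


if __name__ == "__main__":
    for ip, reasons in triage(SAMPLE).items():
        print(ip, "; ".join(reasons))
```

A row whose greeting advertises STARTTLS and LOGINDISABLED but has no recorded handshake is a candidate false positive and is worth checking by hand before remediation.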
