HIGH: Vulnerable POP3 Report

NOTE: REPORT CURRENTLY SUSPENDED DUE TO FALSE POSITIVES

DESCRIPTION LAST UPDATED: 2025-01-06

DEFAULT SECURITY LEVEL: HIGH

This report identifies hosts that have a POP3 service running on port 110/TCP or 995/TCP without TLS support.

This means that passwords used for mail access may be intercepted. Additionally, service exposure may enable password guessing attacks against the server.

If you receive this report from us, please enable TLS support for POP3 as well as consider whether the service needs to be enabled at all or moved behind a VPN.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report has an IPv4 and IPv6 version.

Filename(s): scan_pop3_vulnerable, scan6_pop3_vulnerable

Fields

timestamp

Time that the IP was probed in UTC+0
severity

Severity level
ip

The IP address of the device in question
port

Port that the SSL response came from
hostname

Reverse DNS name of the device in question. Note, this will be taken from the subject_common_name if it resembles a domain if no reverse DNS entry is found
tag

Report tags (pop3)
asn

ASN of where the device in question resides
geo

Country where the device in question resides
region

State / Province / Administrative region where the device in question resides
city

City in which the device in question reside
naics

North American Industry Classification System Code
hostname_source

Hostname source
sector

Sector information of the IP in question, e.g. "Retail Trade", "Communications, Service Provider, and Hosting Service"
banner

POP3 banner
cert_expiration_date

Date when the SSL certificate expires
cert_expired

Whether the cert has expired (Y/N)
cert_issue_date

Date when the SSL certificate became valid
cert_length

Certificate Key Length (1024 bit, 2048 bit, etc)
cert_serial_number

Certificate serial number
cert_valid

Is the certificate valid (Y/N)?
cipher_suite

The highest CipherSuite that was able to be negotiated
handshake

The highest SSL handshake that could be negotiated (TLSv1.2, TLSv1.1, TLSv1.0, SSLv3)
issuer_business_category

Business category of issuer
issuer_common_name

The Common Name of the entity that signed the SSL certificate
issuer_country

Country of issuer
issuer_email_address

Email address of issuer
issuer_given_name

Given name of issuer
issuer_locality_name

Locality of issuer
issuer_organization_name

Issuing organization name
issuer_organization_unit_name

Issuing organization unit name
issuer_postal_code

Postal code of issuer
issuer_serial_number

Serial number of issuer
issuer_state_or_province_name

State or province of issuer
issuer_street_address

Street address of issuer
issuer_surname

Surname of issuer
jarm

JARM signature of server
key_algorithm

Key algorithm used
md5_fingerprint

MD5 fingerprint of certificate
self_signed

Is the certificate self-signed (Y/N)?
sha1_fingerprint

SHA1 fingerprint of certificate
sha256_fingerprint

SHA256 fingerprint of certificate
sha512_fingerprint

SHA512 fingerprint of certificate
signature_algorithm

Signature algorithm used
ssl_version

SSL/TLS version
sslv3_supported

Is SSL v1.3 supported?
subject_business_category

The business category of the subject of the certificate
subject_common_name

The Common Name (CN) of the SSL certificate
subject_country

The country of the subject of the certificate
subject_email_address

The e-mail address of the subject of the certificate
subject_given_name

Given name of subject of the certificate
subject_locality_name

The locality name of the subject of the certificate
subject_organization_name

The subject organization name (ON) of the certificate
subject_organization_unit_name

The organization unit name of the subject of the certificate
subject_postal_code

The postal code of the subject of the certificate
subject_serial_number

Serial number of the subject of the certificate
subject_state_or_province_name

The state or province name of the subject of the certificate
subject_street_address

The street address of the subject of the certificate
subject_surname

The surname of the subject of the certificate
validation_level

Certificate validation level, e.g. DV, OV, EV

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","sector","banner","cert_expiration_date","cert_expired","cert_issue_date","cert_length","cert_serial_number","cert_valid","cipher_suite","handshake","issuer_business_category","issuer_common_name","issuer_country","issuer_email_address","issuer_given_name","issuer_locality_name","issuer_organization_name","issuer_organization_unit_name","issuer_postal_code","issuer_serial_number","issuer_state_or_province_name","issuer_street_address","issuer_surname","jarm","key_algorithm","md5_fingerprint","self_signed","sha1_fingerprint","sha256_fingerprint","sha512_fingerprint","signature_algorithm","ssl_version","sslv3_supported","subject_business_category","subject_common_name","subject_country","subject_email_address","subject_given_name","subject_locality_name","subject_organization_name","subject_organization_unit_name","subject_postal_code","subject_serial_number","subject_state_or_province_name","subject_street_address","subject_surname","validation_level"
"2010-02-10 00:00:00",info,192.168.0.1,tcp,110,node01.example.com,pop3s,64512,ZZ,Region,City,0,ptr,,"+OK <23731.1736040469@example.com>||+OK capability list follows|USER|TOP|UIDL|STLS|.","2021-11-12 11:18:27",Y,"2012-11-14 11:18:27",2048,B3F13DFBDBA2D8B2,N,TLS_AES_256_GCM_SHA384,TLSv1.2,,example.com,,,,,,,,,,,,,rsaEncryption,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,N,03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,sha256WithRSAEncryption,2,,,example.com,ZZ,,,,,,,,,,,OV
"2010-02-10 00:00:01",info,192.168.0.2,tcp,110,node02.example.com,pop3s,64512,ZZ,Region,City,0,ptr,,"+OK Dovecot ready. <30ae79.1.6779e27d.FPuZtsxbY6cxmDZv5ghbiQ==@hosting.myecommerce.biz>||+OK|CAPA|TOP|UIDL|RESP-CODES|PIPELINING|AUTH-RESP-CODE|STLS|USER|SASL PLAIN LOGIN DIGEST-MD5 CRAM-MD5|.","2021-11-12 11:18:27",Y,"2012-11-14 11:18:27",2048,B3F13DFBDBA2D8B2,N,TLS_AES_256_GCM_SHA384,TLSv1.2,,example.com,,,,,,,,,,,,,rsaEncryption,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,Y,03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,sha256WithRSAEncryption,0,,,example.com,ZZ,,,,,,,,,,,unknown
"2010-02-10 00:00:02",info,192.168.0.3,tcp,110,node03.example.com,pop3s,64512,ZZ,Region,City,0,ptr,,"+OK Mail Delivery Agent||+OK|CAPA|TOP|UIDL|RESP-CODES|PIPELINING|AUTH-RESP-CODE|STLS|USER|SASL PLAIN LOGIN|.","2021-11-12 11:18:27",Y,"2012-11-14 11:18:27",2048,B3F13DFBDBA2D8B2,N,TLS_AES_256_GCM_SHA384,TLSv1.2,,example.com,,,,,,,,,,,,,rsaEncryption,F1:8A:02:48:3C:6B:F4:00:CC:5C:D5:B0:71:E4:FA:00,N,03:39:9E:5D:77:19:38:C4:49:DE:C3:3D:9B:E6:13:ED:5A:F1:42:55,E1:D1:6E:87:49:B9:AC:74:B4:AC:9B:77:85:27:69:97:0D:16:B1:F6:63:F0:26:51:AA:89:42:39:66:BD:47:D0,1C:E9:04:22:90:46:68:0B:8B:54:33:38:C6:20:5F:EE:A6:73:A6:B5:2C:7D:12:94:DE:F1:CC:11:2E:72:0B:97:C2:7D:19:BF:E0:6B:98:A9:21:D9:9D:5A:CB:38:0B:D8:7E:E2:8E:2B:EA:15:EC:60:11:1E:41:E3:FB:4C:20:9F,sha256WithRSAEncryption,2,,,example.com,ZZ,,,,,,,,,,,DV

Our 132 Report Types

« Back to Network Reporting