Re: [exim] Local user enumeration through RCPT

Top Page
This message is part of the following thread:
M++\the complete thread tree sorted by date
MMMMPeter Bowyer at <-
.MMPhill Wood at ->
Delete this message
Reply to this message
Author: John Burnham
Date:  
To: exim-users
Subject: Re: [exim] Local user enumeration through RCPT
> One of the servers we look after was recently "penetration
> tested" and they
> could find very little wrong so they complained about silly
> things like it's
> possible to see which users locally exist on the server
> through the answer
> Exim provides to the RCPT command.
>
Actually, surely all it's doing is enumerating the email addresses that that server
accepts mail for.... This may have little or no connection to the OS user accounts.
J

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Local user enumeration through RCPTRe: [exim] Local user enumeration through RCPT->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)