The Shadowserver Foundation: "We have started notifying about hosts running POP…" - Infosec Exchange

Attached: 2 images We have started notifying about hosts running POP3/IMAP services without TLS enabled, meaning usernames/passwords are not encrypted when transmitted. We see around 3.3M such cases with POP3 & a similar amount with IMAP (most overlap). It's time to retire those services! Data shared in: Vulnerable POP3 report: https://shadowserver.org/what-we-do/network-reporting/vulnerable-pop3-report/ Vulnerable IMAP report: https://shadowserver.org/what-we-do/network-reporting/vulnerable-imap-report/ Geo breakdown of instances: POP3 (no encryption): https://dashboard.shadowserver.org/statistics/combined/tree/?day=2024-12-30&source=pop3_vulnerable&source=pop3_vulnerable6&geo=all&data_set=count&scale=log IMAP (no encryption): https://dashboard.shadowserver.org/statistics/combined/tree/?day=2024-12-30&source=imap_vulnerable&source=imap_vulnerable6&geo=all&data_set=count&scale=log Note that regardless whether TLS is enabled or not service exposure may enable password guessing attacks against the server. You can find POP3 and IMAP servers that use TLS in our Accessible POP3 https://shadowserver.org/what-we-do/network-reporting/accessible-pop3-report/ & Accessible IMAP https://shadowserver.org/what-we-do/network-reporting/accessible-imap-report/ reports

Leave a Comment