Service: pop3
Protocol: TCP
Port: 110
Used for: Retrieving email messages from mail servers to local email clients
Why It’s Open
Port 110 is the standard port for Post Office Protocol version 3 (POP3), a legacy protocol for email retrieval. While modern systems typically use IMAP with encryption, POP3 remains supported for backward compatibility with older email clients. Mail servers expose this port to allow message downloading, though encrypted POP3S (port 995) is now preferred.
Common Risks
- Clear-text Transmission: Credentials and email content sent unencrypted
- Password Attacks: Vulnerable to brute force and credential stuffing
- Data Exposure: Compromised accounts reveal stored messages
- Legacy Vulnerabilities: Older implementations may contain unpatched flaws
- Software Disclosure: Server banners expose version information
Enumeration & Testing
Check if it’s open:
nmap -sT -p 110 <target>
Test POP3 connection:
telnet <target> 110
Basic authentication test:
nc <target> 110
What to Look For
| Checkpoint | What it means |
|---|---|
| Unencrypted POP3 | Authentication and data exposed |
| Visible version info | Reveals software details |
| No login attempt limits | Enables brute force attacks |
| Missing STARTTLS | No encryption upgrade option |
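Three of these checkpoints (Unencrypted POP3, Visible version info, Missing STARTTLS) can be read from the server greeting and its CAPA reply without logging in. The Python below is an added example, not code from the original page; the function names and the two sample responses are constructed for illustration, and the login-limit checkpoint is not covered.

```python
import re
import socket

def fetch(host, port=110, timeout=5.0):
    """Read the greeting and the CAPA reply (RFC 2449); no login is attempted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        banner = f.readline().decode("ascii", "replace").strip()
        sock.sendall(b"CAPA\r\n")
        lines = []
        while True:
            raw = f.readline()
            if not raw:
                break
            lines.append(raw.decode("ascii", "replace").strip())
            # Stop at the "." terminator, or at once if CAPA was refused (-ERR).
            if lines[-1] == "." or not lines[0].startswith("+OK"):
                break
        sock.sendall(b"QUIT\r\n")
    return banner, lines

def parse_capa(lines):
    """Map capability name -> argument list; empty if CAPA was refused."""
    if not lines or not lines[0].startswith("+OK"):
        return {}
    caps = {}
    for line in lines[1:]:
        parts = line.split()
        if parts and line != ".":
            caps[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return caps

def assess(banner, capa_lines):
    """Return the checkpoint names from the table that apply to this server."""
    caps = parse_capa(capa_lines)
    findings = []
    # USER/PASS or SASL PLAIN/LOGIN offered on the clear-text channel.
    if "USER" in caps or {"PLAIN", "LOGIN"} & set(caps.get("SASL", [])):
        findings.append("Unencrypted POP3")
    # Drop the APOP timestamp (<...>) so it is not mistaken for a version.
    greeting = re.sub(r"<[^>]*>", "", banner)
    if "IMPLEMENTATION" in caps or re.search(r"\d+\.\d+", greeting):
        findings.append("Visible version info")
    # POP3 advertises its STARTTLS upgrade as the STLS capability (RFC 2595).
    if "STLS" not in caps:
        findings.append("Missing STARTTLS")
    return findings

# Constructed samples (not captured from a real server).
WEAK = ("+OK ExampleMail 1.2.3 ready", ["+OK", "USER", "SASL PLAIN LOGIN", "UIDL", "."])
HARDENED = ("+OK ready <1896.697170952@mail.example>", ["+OK", "UIDL", "STLS", "."])
```

To check a server you administer, call `assess(*fetch("<target>"))`; a server that refuses CAPA is reported as Missing STARTTLS because it advertises no upgrade.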
Mitigation
- Migrate to POP3S: Use encrypted port 995 exclusively
- Require STARTTLS: Enforce encryption when POP3 is necessary
- Rate Limit Logins: Block excessive authentication attempts
- Modern Authentication: Implement OAuth or SASL mechanisms
- Network Restrictions: Limit access to required IP ranges
TL;DR
- Standard unencrypted POP3 port
- Should be replaced with POP3S
- High credential attack risk
- Requires additional security controls
Known CVEs and Exploits
- CVE-2019-11500 – Dovecot auth-policy bypass via crafted requests
- CVE-2018-19518 – Info leak from mailbox indexing in Dovecot
- CVE-2015-1430 – Dovecot login flaw due to memory bug