Port 993 – IMAPS (IMAP over SSL)

Why It’s Open

Port 993 is used for Internet Message Access Protocol over SSL/TLS (IMAPS), providing encrypted access to email messages stored on mail servers. Unlike standard IMAP on port 143, IMAPS offers built-in encryption for the entire email session, protecting both authentication credentials and message content.

Organizations deploy IMAPS to provide secure email access for users, particularly in environments where email contains sensitive information or compliance requirements mandate encrypted communications. It’s a critical component of modern email infrastructure.

Common Risks

• SSL/TLS Vulnerabilities:
  Outdated encryption protocols may be exploited.
• Brute Force Attacks:
  Despite encryption, weak passwords remain vulnerable.
• Certificate Issues:
  Invalid or expired certificates enable MitM attacks.
• Information Disclosure:
  Server banners may reveal software versions.
• Resource Exhaustion:
  Large mailboxes can be targeted for DoS.

Want to save time on reporting?

Let PentestPad generate, track, and export your reports - automatically.

Book a Demo

Enumeration & Testing

Check if it’s open:

nmap -sT -p 993

Test SSL/TLS:

openssl s_client -connect :993

Verify certificate:

sslscan :993

What to Look For

Mitigation

• Strong Encryption:
  Enforce TLS 1.2+ and disable older protocols.
• Valid Certificates:
  Use properly signed SSL certificates.
• Strict Authentication:
  Implement MFA and strong password policies.
• Rate Limiting:
  Prevent automated password guessing attempts.
• Access Controls:
  Restrict IMAPS access to authorized networks.

TL;DR

• Port 993 = IMAPS (Secure IMAP)
• Critical for secure email access
• Requires current TLS versions
• Need strong authentication controls

Known CVEs and Exploits

• CVE-2021-38370 – Dovecot IMAP server authentication bypass
• CVE-2020-12100 – Dovecot IMAP/POP3 denial of service vulnerability
• Hydra IMAPS module – Password brute forcing against IMAPS authentication