Port 995 – POP3S (POP3 over SSL)

Service: pop3s
Protocol: TCP
Port: 995
Used for: Secure POP3 email service over SSL/TLS

Why It’s Open

Port 995 is used for Post Office Protocol version 3 over SSL/TLS (POP3S), providing encrypted access to email messages. Unlike standard POP3 on port 110, POP3S ensures that all communications, including authentication and email retrieval, are encrypted. This is crucial for protecting sensitive email content and credentials during transmission.

Mail servers expose this port to allow secure email retrieval by client applications. While IMAP is more popular for modern email access, POP3S remains widely used, especially in environments with legacy email clients or where local email storage is preferred.

Common Risks

  • SSL/TLS Vulnerabilities:
    Outdated encryption protocols can be exploited.
  • Authentication Attacks:
    Weak passwords vulnerable to brute force attempts.
  • Email Harvesting:
    Compromised accounts can lead to data theft.
  • Certificate Issues:
    Invalid certificates enable MitM attacks.
  • Version Disclosure:
    Server banners may reveal vulnerable software.
  • SSL/TLS Weaknesses:
    Vulnerable protocol versions.
  • Authentication Bypass:
    Weak password mechanisms.
  • Mail Data Leakage:
    Through SSL/TLS misconfigurations.
  • Credential Theft:
    Man-in-the-middle attacks.
  • Version Exposure:
    Server information disclosure.

Enumeration & Testing

Check if it’s open (<target> is the mail server's hostname or IP):

nmap -sT -p 995 <target>

Test SSL/TLS:

openssl s_client -connect <target>:995

Verify certificate:

sslscan <target>:995

What to Look For

Checkpoint                 What it means
Weak SSL/TLS versions      Vulnerable to known attacks
Self-signed certificates   Potential for man-in-the-middle
Missing rate limiting      Susceptible to password guessing
Server version exposed     Version information aids targeting
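
Three of the checkpoints above (TLS version, certificate validity, version exposure in the greeting) can be checked from a script against a mail server you operate. The Python below is an added example, not part of the original page or of any tool it names; the function names, the version-matching regex and the sample observations are assumptions made for illustration.

```python
import re
import socket
import ssl

WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}          # below the TLS 1.2 floor under Mitigation
VERSION_RE = re.compile(r"\b\d+\.\d+(\.\d+)?\b")  # heuristic: dotted number in the greeting

def evaluate(tls_version, cert_verified, banner):
    """Map one connection's observations onto the checkpoints in the table."""
    findings = []
    if tls_version in WEAK_TLS:
        findings.append(f"weak TLS version negotiated: {tls_version}")
    if not cert_verified:
        findings.append("certificate failed validation (self-signed, expired or wrong name)")
    if VERSION_RE.search(banner):
        findings.append(f"greeting exposes a version string: {banner.strip()}")
    return findings

def _connect(ctx, host, port, timeout):
    """Complete the TLS handshake, then read the POP3 greeting the server sends first."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.recv(512).decode("ascii", "replace")

def probe(host, port=995, timeout=5.0):
    """Connect to a POP3S server you operate and return evaluate()'s findings."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    try:
        version, banner = _connect(ctx, host, port, timeout)
        verified = True
    except ssl.SSLCertVerificationError:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False                # retry unverified only to read the
        ctx.verify_mode = ssl.CERT_NONE           # negotiated version and the greeting
        version, banner = _connect(ctx, host, port, timeout)
        verified = False
    return evaluate(version, verified, banner)

# Constructed sample observations (not captured from a real server).
SAMPLES = {
    "hardened": ("TLSv1.3", True, "+OK POP3 ready\r\n"),
    "legacy": ("TLSv1", False, "+OK ExampleMail 2.3.4 POP3 server ready\r\n"),
}

if __name__ == "__main__":
    for name, obs in SAMPLES.items():
        print(name, evaluate(*obs))
```

The negotiated version is only the best one both sides support, so a clean result does not show that older versions are disabled; sslscan lists every version the server accepts. Rate limiting is not covered by this check.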

Mitigation

  • Strong Encryption:
    Enforce TLS 1.2+ and disable older protocols.
  • Valid Certificates:
    Use properly signed SSL certificates.
  • Strict Authentication:
    Implement MFA where possible.
  • Rate Limiting:
    Prevent automated login attempts.
  • Access Controls:
    Restrict POP3S access to authorized networks.

TL;DR

  • Port 995 = POP3S (Secure POP3)
  • Encrypted email retrieval
  • Legacy but still common
  • Requires strong security controls

Known CVEs and Exploits

  • CVE-2020-12100 – Dovecot POP3 denial of service vulnerability
  • CVE-2019-11500 – Dovecot POP3/IMAP authentication bypass
  • Hydra POP3S module – Password brute forcing against POP3S authentication