TCP
Dangerous
Mail
Port 143 (IMAP)
## Quick Info
| Field | Value |
|---|---|
| Port Number | 143 |
| Protocol | TCP |
| Service | IMAP |
| IANA Name | IMAP |
## Service Description
Network port 143, utilizing the TCP protocol, is the standard port for the Internet Message Access Protocol (IMAP). IMAP is an application-layer internet protocol that allows email clients to access email messages stored on a mail server. Unlike POP3, which typically downloads emails to the client and removes them from the server, IMAP generally leaves emails on the server, allowing users to access their email from multiple devices and locations. IMAP supports mailbox manipulation, allowing clients to create, rename, and delete mailboxes (folders) on the server. The protocol's design facilitates efficient retrieval of email headers and parts of messages, reducing bandwidth consumption when reviewing emails. The initial specification for IMAP was created in the late 1980s, evolving to IMAP4 and later IMAP4rev1, which is the most widely used version today (RFC 3501).
## Firewall Recommendations
For most users, port 143 should be blocked on the firewall unless an IMAP server is running on the local network or access to an external IMAP server is required. If access is required, it is strongly recommended to use the encrypted version of IMAP, IMAPS, which operates on port 993. If port 143 is allowed, ensure that the IMAP server is properly configured and patched against known vulnerabilities. Implement strong password policies and consider using multi-factor authentication to protect against brute-force attacks. Regularly monitor server logs for suspicious activity. Network segmentation can also help limit the impact of a successful attack.
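If port 143 has to stay reachable, the capabilities the server advertises before TLS show whether credentials can cross the wire in cleartext. The following is an added example, not part of the original page: it parses a pre-TLS greeting or `CAPABILITY` response and reports the weak settings, using the standard `STARTTLS`, `LOGINDISABLED` and `AUTH=` capability names from the IMAP specifications. The two sample responses are constructed for illustration.

```python
import re

# Constructed pre-TLS responses (illustrative, not captured from a real server).
HARDENED = ("* OK [CAPABILITY IMAP4rev1 SASL-IR ID ENABLE IDLE LITERAL+ "
            "STARTTLS LOGINDISABLED] ready.\r\n")
WEAK = "* CAPABILITY IMAP4rev1 IDLE AUTH=PLAIN AUTH=LOGIN\r\na1 OK done\r\n"

# SASL mechanisms that send the password itself and rely on the channel for secrecy.
CLEARTEXT_SASL = {"AUTH=PLAIN", "AUTH=LOGIN"}

def parse_capabilities(response):
    """Collect capability atoms from a greeting's [CAPABILITY ...] response
    code or from an untagged '* CAPABILITY ...' line."""
    caps = set()
    for line in response.splitlines():
        line = line.strip()
        m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
             or re.match(r"\* CAPABILITY (.*)$", line, re.I))
        if m:
            caps.update(tok.upper() for tok in m.group(1).split())
    return caps

def assess_port_143(response):
    """Return findings for a response seen on port 143 before any TLS upgrade."""
    caps = parse_capabilities(response)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered: session cannot be upgraded to TLS")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGINDISABLED missing: LOGIN accepted on the cleartext channel")
    exposed = sorted(caps & CLEARTEXT_SASL)
    if exposed:
        findings.append("cleartext SASL offered before TLS: " + ", ".join(exposed))
    return findings

if __name__ == "__main__":
    for name, resp in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, assess_port_143(resp) or "no findings")
```

An empty result means the server forces a TLS upgrade before it accepts credentials on port 143; any finding is a reason to move clients to port 993 or tighten the server configuration.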
## Security Information
Port 143 is a common target for attackers due to the sensitive nature of email data. Brute-force attacks targeting user credentials are a prevalent threat, aiming to gain unauthorized access to mailboxes. Password spraying, where attackers try common passwords against multiple accounts, is also a common attack vector. Man-in-the-middle (MITM) attacks can intercept communication between the client and the server, potentially exposing usernames, passwords, and email content. Unencrypted IMAP connections are particularly vulnerable to eavesdropping. Weak server configurations or outdated software versions can introduce vulnerabilities that attackers can exploit to gain control of the server or access sensitive data. Furthermore, vulnerabilities in the IMAP server software itself can be exploited to execute arbitrary code or gain unauthorized access.
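Brute-force and password-spraying attempts leave different shapes in the login log: the first is many failures against one account, the second is a few failures against many accounts from the same source. The following added example (not part of the original page) tells them apart. The log lines are constructed and modelled on Dovecot's `imap-login` format, which is an assumption about the server in use, and the thresholds are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on Dovecot's imap-login log format (assumed).
_FAIL = ("Mar 10 02:{m:02d}:01 mail dovecot: imap-login: Disconnected "
         "(auth failed, {n} attempts in 8 secs): user=<{u}>, method=PLAIN, "
         "rip={ip}, lip=192.0.2.10")
_EVENTS = [
    (1, 3, "alice", "203.0.113.7"), (2, 4, "alice", "203.0.113.7"),
    (3, 1, "alice", "198.51.100.9"), (3, 1, "bob", "198.51.100.9"),
    (4, 1, "carol", "198.51.100.9"), (4, 1, "dave", "198.51.100.9"),
    (5, 1, "erin", "198.51.100.9"), (6, 1, "bob", "192.0.2.55"),
]
SAMPLE_LOG = "\n".join(
    [_FAIL.format(m=m, n=n, u=u, ip=ip) for m, n, u, ip in _EVENTS]
    + ["Mar 10 02:07:01 mail dovecot: imap-login: Login: user=<dave>, "
       "method=PLAIN, rip=192.0.2.55, lip=192.0.2.10, TLS"]
)

FAILED = re.compile(
    r"imap-login: .*auth failed, (\d+) attempts"
    r".*?user=<([^>]*)>.*?rip=([0-9A-Fa-f.:]+)"
)

def failures_by_source(log):
    """Map source IP -> {username: failed attempts} for failed IMAP logins."""
    stats = defaultdict(lambda: defaultdict(int))
    for line in log.splitlines():
        m = FAILED.search(line)
        if m:  # successful logins and unrelated lines do not match
            stats[m.group(3)][m.group(2)] += int(m.group(1))
    return stats

def classify(log, brute_min=5, spray_min_users=4):
    """Label each source IP whose failures cross a threshold."""
    verdicts = {}
    for ip, users in failures_by_source(log).items():
        if len(users) >= spray_min_users:        # few tries against many accounts
            verdicts[ip] = "password-spraying"
        elif max(users.values()) >= brute_min:   # many tries against one account
            verdicts[ip] = "brute-force"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, verdict)
```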
## Known Vulnerabilities
| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2023-32158 | Dovecot integer overflow vulnerability | High | An integer overflow vulnerability in Dovecot before 2.3.21.1 and 2.4.x before 2.4.18 allows remote attackers to cause a denial of service (crash) via a crafted IMAP command. |
| CVE-2021-3410 | Cyrus IMAP server before 3.4.4 has a buffer overflow | High | Cyrus IMAP server before 3.4.4 has a buffer overflow in imapd via a long argument to a command, leading to a denial of service or possibly arbitrary code execution. |
| CVE-2019-11497 | Exim SMTPd TLS renegotiation vulnerability | High | Exim before 4.92.1 allows remote attackers to execute arbitrary code as root via a TLS renegotiation attack, because a TLS renegotiation can occur after the point where Exim has determined not to require authentication. |
| CVE-2018-11784 | Apache James Server Improper Input Validation vulnerability | Medium | Improper input validation in Apache James Server 3.0.0 to 3.0.0beta5 allows an attacker to inject arbitrary IMAP commands via crafted 'create' folder names. |
| CVE-2017-14491 | Heap-based buffer overflow in the process_rfc822 function in tcpdump | Medium | The process_rfc822 function in tcpdump before 4.9.2 has a heap-based buffer overflow in print-nfs.c. |
| CVE-2017-9951 | Horde Groupware Webmail Edition Improper Input Validation | Medium | Horde Groupware Webmail Edition before 5.2.18 allows code execution via shell command injection in the compose form when the mail message is saved as a draft. |
## Common Software
- Dovecot
- Courier-IMAP
- Cyrus IMAP server
- Microsoft Exchange Server
- Gmail (IMAP)
- Apple Mail
- Mozilla Thunderbird
- Microsoft Outlook