Exchange anonymous IMAP allowed

Risk Level: Low risk vulnerability  Low

Check or Attack Name: ExchangeAnonIMAP
Platforms: Microsoft Exchange: 5.0, Microsoft Exchange: 5.5
Description:

If anonymous access to IMAP is enabled, an attacker could connect and possibly access confidential data. An attacker could also waste resources by creating folders and large files.

False Negatives: Microsoft Exchange allows you to configure IMAP to use any login name for anonymous access. If the login name has been changed from anonymous, this check will fail.
Remedy:

Disable anonymous access to IMAP.
References:
X-Force Logo
Know Your Risks