Very interesting Opera 6 and Outlook Web Access behavior:

From: Parker, Mitch (mitch_parker@DIGINEXUS.COM)
Date: 02/04/02


Date:         Mon, 4 Feb 2002 12:56:30 -0500
From: "Parker, Mitch" <mitch_parker@DIGINEXUS.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Here's the problem:

Outlook Web Access with domain authentication set up can be bypassed using
Opera 6 by doing the following:

1. Enter in a proper username and password in the dialog box.
2. When the second attempt for a password comes up, hit cancel.
3. Outlook Web Access comes up with your information:

Testing platform:

Exchange Server:

MS Exchange Server 5.5 SP4 with Hotfixes
Windows 2000 Server Service Pack 2 with Hotfixes
IIS 5.0 with Hotfixes and configured for domain authentication

Test Workstation:

Opera 6.0 Web Browser
Windows 2000 Professional Service Pack 2 with Hotfixes
IE 6.0 with hotfixes (since it changes OS behavior anyway)

I find this to be rather disturbing. Does this happen in Exchange 2000?

Mitch Parker
Diginexus Corporation
