Exchange 2003 OWA major security flaw
From: Matthew Johnson (MJOHNSON_at_INVESTMENTSCORECARD.COM)
Date: 11/15/03
- Previous message: john.tjin_at_ACHMEA.NL: "Reply to: MS 03-041 and SSL Certificates"
- Next in thread: Martin Blackstone: "Re: Exchange 2003 OWA major security flaw"
- Maybe reply: Martin Blackstone: "Re: Exchange 2003 OWA major security flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Nov 2003 21:23:59 -0600 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
We have upgraded our servers to Microsoft Exchange 2003 and noticed a
severe security issue with OWA. When you log in with your own
credentials you may be logged into another user's mailbox at random and
has full access to this user's mailbox. Microsoft knows of the issue but
does not have a fix yet. I was wondering how many others have seen this
issue and have received the same answer from Microsoft.
This seems to be a major security flaw and we have had to shut off OWA
indefinitely because of the issue.
Matthew Johnson CCNA
Network Administrator
Investment Scorecard, Inc.
615.301.7611
mjohnson@investmentscorecard.com
www.investmentscorecard.com <http://www.investmentscorecard.com/>
-----
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, *** covering, and bureaucracy are threatening to derail any
chance of making progress.
-----
- Previous message: john.tjin_at_ACHMEA.NL: "Reply to: MS 03-041 and SSL Certificates"
- Next in thread: Martin Blackstone: "Re: Exchange 2003 OWA major security flaw"
- Maybe reply: Martin Blackstone: "Re: Exchange 2003 OWA major security flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
