Steve, Thanks for bringing this up. I've known about this issue for a bit of time (~5 days), and I think you're being kind saying it's a potential flaw. IMNSHO, it's a really huge, gaping, festering wound that one could drive a Peterbuilt through.
But, I could be wrong..... ;o) Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone WebLog - www.msmvps.com/willhack4food -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Shaff Sent: Monday, November 24, 2003 4:24 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Microsoft investigates possible Exchange 2003 flaw I thought that the group might be interested in this. The potential flaw lies in the Outlook Web Access (OWA) component of Exchange Server 2003. A network administrator at a Nashville, Tenn., provider of investment performance reporting tools found that users logging in to OWA could be logged in to another user's mailbox at random and have full access privileges. http://www.nwfusion.com/news/2003/1121microinves2.html?nl Sincerely, Steve ***************************************** Steve Shaff Active Directory / Exchange Administrator Corillian Corporation (W) 503.629.3538 (C) 503.807.4797 (F) 503.629.3674 List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
