I have heard of this issue in Exchange 2003 FE/BE environments. It does not happen without a FE server or with a 2003 FE and 2000 BE.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Woodruff, Michael Posted At: Friday, November 21, 2003 9:57 AM Posted To: Exchange Discussion List Conversation: Exchange 2003 OWA Flaw? Subject: Exchange 2003 OWA Flaw? Is this BS or has anyone else heard of this "flaw"? -----Original Message----- From: Windows NTBugtraq Mailing List [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Johnson Sent: Friday, November 14, 2003 10:24 PM To: [EMAIL PROTECTED] Subject: Exchange 2003 OWA major security flaw We have upgraded our servers to Microsoft Exchange 2003 and noticed a severe security issue with OWA. When you log in with your own credentials you may be logged into another user's mailbox at random and has full access to this user's mailbox. Microsoft knows of the issue but does not have a fix yet. I was wondering how many others have seen this issue and have received the same answer from Microsoft. This seems to be a major security flaw and we have had to shut off OWA indefinitely because of the issue. Matthew Johnson CCNA Network Administrator Investment Scorecard, Inc. 615.301.7611 [EMAIL PROTECTED] www.investmentscorecard.com <http://www.investmentscorecard.com/> ----- Marcus Ranum's new book "The Myth of Homeland Security" is now out and is available from http://www.amazon.com/ranum In this hard-hitting review of the homeland security business, Ranum shows us how the problem is vastly harder than it's being made to sound, and how special interests, butt covering, and bureaucracy are threatening to derail any chance of making progress. ----- _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
