This has taken a new turn... http://www.infoworld.com/article/03/11/21/HNmsflaw_1.html
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Woodruff, Michael Sent: Friday, November 21, 2003 9:25 AM To: Exchange Discussions Subject: RE: Exchange 2003 OWA Flaw? Not that I am aware of. My boss just passed it on to me. I'm not a participate in that list. I just thought it was odd since that would be a huge flaw and Microsoft or anyone for that matter has said nothing. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Friday, November 21, 2003 11:18 AM To: Exchange Discussions Subject: RE: Exchange 2003 OWA Flaw? All seriousness aside, I know nothing about this issue. I'm inferring from the other responses to this thread that if two MVPs have no knowledge of the issue it probably doesn't exist. Mike W: Were there any follow-up posts on NTBUGTRAQ about this? > -----Original Message----- > From: Erik Sojka > Sent: Friday, November 21, 2003 11:15 AM > To: Exchange Discussions > Subject: RE: Exchange 2003 OWA Flaw? > > > I saw a posting about it on NTBUGTRAQ.COM. Some guy had to shut off > OWA indefinitely because of the issue. > > > > > -----Original Message----- > > From: Martin Blackstone [mailto:[EMAIL PROTECTED] > > Sent: Friday, November 21, 2003 11:10 AM > > To: Exchange Discussions > > Subject: RE: Exchange 2003 OWA Flaw? > > > > > > So you have seen this? > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka > > Sent: Friday, November 21, 2003 8:12 AM > > To: Exchange Discussions > > Subject: RE: Exchange 2003 OWA Flaw? > > > > That's because "Microsoft knows of the issue but does not have a fix > > yet". > > > > > -----Original Message----- > > > From: Ben Winzenz [mailto:[EMAIL PROTECTED] > > > Sent: Friday, November 21, 2003 11:10 AM > > > To: Exchange Discussions > > > Subject: RE: Exchange 2003 OWA Flaw? > > > > > > > > > I have not heard of it... > > > > > > > > > Ben Winzenz > > > Network Engineer > > > Gardner & White > > > (317) 581-1580 ext 418 > > > > > > > > > -----Original Message----- > > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At: > > > Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk) > > > Conversation: Exchange 2003 OWA Flaw? > > > Subject: Exchange 2003 OWA Flaw? > > > > > > > > > Is this BS or has anyone else heard of this "flaw"? > > > > > > > > > -----Original Message----- > > > From: Windows NTBugtraq Mailing List > > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Matthew Johnson > > > Sent: Friday, November 14, 2003 10:24 PM > > > To: [EMAIL PROTECTED] > > > Subject: Exchange 2003 OWA major security flaw > > > > > > > > > > > > We have upgraded our servers to Microsoft Exchange 2003 and > > noticed a > > > severe security issue with OWA. When you log in with your own > > > credentials you may be logged into another user's mailbox at > > > random and has full access to this user's mailbox. Microsoft knows > > > of the issue but does not have a fix yet. I was wondering how many > > > others have seen this issue and have received the same answer from > > > Microsoft. > > > > > > This seems to be a major security flaw and we have had to > > shut off OWA > > > indefinitely because of the issue. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Matthew Johnson CCNA > > > > > > Network Administrator > > > > > > Investment Scorecard, Inc. > > > > > > 615.301.7611 > > > > > > [EMAIL PROTECTED] > > > > > www.investmentscorecard.com <http://www.investmentscorecard.com/> > > > > > > > > > > ----- > > Marcus Ranum's new book "The Myth of Homeland Security" is > now out and > > is available from http://www.amazon.com/ranum In this hard-hitting > > review of the homeland security business, Ranum shows us how the > > problem is vastly harder than it's being made to sound, and how > > special interests, butt covering, and bureaucracy are threatening to > > derail any chance of making progress. > > ----- > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=& > lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang = english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang= english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang= english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
