But, one could argue that this should have been a documented scenario... I'm not saying one way or the other. Just that it has taken an interesting turn.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David N. Precht Sent: Saturday, November 22, 2003 9:05 AM To: Exchange Discussions Subject: RE: Exchange 2003 OWA Flaw? But... A preliminary investigation by Microsoft indicated that the issue occurs only with Kerberos authentication disabled, which the vendor said is uncommon. "We recommend that our customers ensure that Kerberos authentication is enabled, which is the default configuration," Microsoft said in a statement Friday. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Blackstone Sent: Saturday, November 22, 2003 11:22 AM To: Exchange Discussions Subject: RE: Exchange 2003 OWA Flaw? This has taken a new turn... http://www.infoworld.com/article/03/11/21/HNmsflaw_1.html -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Woodruff, Michael Sent: Friday, November 21, 2003 9:25 AM To: Exchange Discussions Subject: RE: Exchange 2003 OWA Flaw? Not that I am aware of. My boss just passed it on to me. I'm not a participate in that list. I just thought it was odd since that would be a huge flaw and Microsoft or anyone for that matter has said nothing. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Friday, November 21, 2003 11:18 AM To: Exchange Discussions Subject: RE: Exchange 2003 OWA Flaw? All seriousness aside, I know nothing about this issue. I'm inferring from the other responses to this thread that if two MVPs have no knowledge of the issue it probably doesn't exist. Mike W: Were there any follow-up posts on NTBUGTRAQ about this? > -----Original Message----- > From: Erik Sojka > Sent: Friday, November 21, 2003 11:15 AM > To: Exchange Discussions > Subject: RE: Exchange 2003 OWA Flaw? > > > I saw a posting about it on NTBUGTRAQ.COM. Some guy had to shut off > OWA indefinitely because of the issue. > > > > > -----Original Message----- > > From: Martin Blackstone [mailto:[EMAIL PROTECTED] > > Sent: Friday, November 21, 2003 11:10 AM > > To: Exchange Discussions > > Subject: RE: Exchange 2003 OWA Flaw? > > > > > > So you have seen this? > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka > > Sent: Friday, November 21, 2003 8:12 AM > > To: Exchange Discussions > > Subject: RE: Exchange 2003 OWA Flaw? > > > > That's because "Microsoft knows of the issue but does not have a fix > > yet". > > > > > -----Original Message----- > > > From: Ben Winzenz [mailto:[EMAIL PROTECTED] > > > Sent: Friday, November 21, 2003 11:10 AM > > > To: Exchange Discussions > > > Subject: RE: Exchange 2003 OWA Flaw? > > > > > > > > > I have not heard of it... > > > > > > > > > Ben Winzenz > > > Network Engineer > > > Gardner & White > > > (317) 581-1580 ext 418 > > > > > > > > > -----Original Message----- > > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At: > > > Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk) > > > Conversation: Exchange 2003 OWA Flaw? > > > Subject: Exchange 2003 OWA Flaw? > > > > > > > > > Is this BS or has anyone else heard of this "flaw"? > > > > > > > > > -----Original Message----- > > > From: Windows NTBugtraq Mailing List > > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Matthew Johnson > > > Sent: Friday, November 14, 2003 10:24 PM > > > To: [EMAIL PROTECTED] > > > Subject: Exchange 2003 OWA major security flaw > > > > > > > > > > > > We have upgraded our servers to Microsoft Exchange 2003 and > > noticed a > > > severe security issue with OWA. When you log in with your own > > > credentials you may be logged into another user's mailbox at > > > random and has full access to this user's mailbox. Microsoft knows > > > of the issue but does not have a fix yet. I was wondering how many > > > others have seen this issue and have received the same answer from > > > Microsoft. > > > > > > This seems to be a major security flaw and we have had to > > shut off OWA > > > indefinitely because of the issue. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Matthew Johnson CCNA > > > > > > Network Administrator > > > > > > Investment Scorecard, Inc. > > > > > > 615.301.7611 > > > > > > [EMAIL PROTECTED] > > > > > www.investmentscorecard.com <http://www.investmentscorecard.com/> > > > > > > > > > > ----- > > Marcus Ranum's new book "The Myth of Homeland Security" is > now out and > > is available from http://www.amazon.com/ranum In this hard-hitting > > review of the homeland security business, Ranum shows us how the > > problem is vastly harder than it's being made to sound, and how > > special interests, butt covering, and bureaucracy are threatening to > > derail any chance of making progress. > > ----- > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: > > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t > ext_mode=& > lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang = english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang= english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang= english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&; lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
