1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Microsoft investigates possible Exchange 2003 flaw

Discussion in 'News' started by SimonV, Nov 22, 2003.

  1. SimonV

    SimonV Petabyte Poster Administrator

    [​IMG]<font size="3">Microsoft investigates possible Exchange 2003 flaw </font>

    Microsoft is investigating a potential security issue with Exchange Server 2003, which would be the first since the e-mail server was launched last month.

    The potential flaw lies in the Outlook Web Access (OWA) component of Exchange Server 2003. A network administrator at a Nashville, Tennessee, provider of investment performance reporting tools found that users logging in to OWA could be logged in to another user's mailbox at random and have full access privileges.

    "This seems to be a major security flaw and we have had to shut off OWA indefinitely because of the issue," the network administrator wrote in a posting to NTBugtraq, a well-known security mailing list.

    A preliminary investigation by Microsoft indicated that the issue occurs only with Kerberos authentication disabled, which the vendor said is uncommon. "We recommend that our customers ensure that Kerberos authentication is enabled, which is the default configuration," Microsoft said in a statement Friday.

    News source: Infoworld.com
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...


    Share This Page