I seem to remember something similar when e2k came out, and it was a permissions issue.
Don't know if I still have anything about it tho. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka Sent: Friday, November 21, 2003 11:18 AM To: Exchange Discussions Subject: RE: Exchange 2003 OWA Flaw? It's always Microsoft's fault. > -----Original Message----- > From: Martin Blackstone [mailto:[EMAIL PROTECTED] > Sent: Friday, November 21, 2003 11:13 AM > To: Exchange Discussions > Subject: RE: Exchange 2003 OWA Flaw? > > > I'm thinking the same thing. > I imagine this guy managed to flub up his install some way or > another and > now it's a bug to him > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz > Sent: Friday, November 21, 2003 8:15 AM > To: Exchange Discussions > Subject: RE: Exchange 2003 OWA Flaw? > > I haven't seen any reports of this on any of the newsgroups > or anywhere > else. If it was this big of a flaw, I suspect there would be a big > stink about it. > > > Ben Winzenz > Network Engineer > Gardner & White > (317) 581-1580 ext 418 > > > -----Original Message----- > From: Erik Sojka [mailto:[EMAIL PROTECTED] > Posted At: Friday, November 21, 2003 11:12 AM > Posted To: Exchange (Swynk) > Conversation: Exchange 2003 OWA Flaw? > Subject: RE: Exchange 2003 OWA Flaw? > > > That's because "Microsoft knows of the issue but does not have a fix > yet". > > > -----Original Message----- > > From: Ben Winzenz [mailto:[EMAIL PROTECTED] > > Sent: Friday, November 21, 2003 11:10 AM > > To: Exchange Discussions > > Subject: RE: Exchange 2003 OWA Flaw? > > > > > > I have not heard of it... > > > > > > Ben Winzenz > > Network Engineer > > Gardner & White > > (317) 581-1580 ext 418 > > > > > > -----Original Message----- > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At: > > Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk) > > Conversation: Exchange 2003 OWA Flaw? > > Subject: Exchange 2003 OWA Flaw? > > > > > > Is this BS or has anyone else heard of this "flaw"? > > > > > > -----Original Message----- > > From: Windows NTBugtraq Mailing List > > [mailto:[EMAIL PROTECTED] On Behalf Of > Matthew Johnson > > Sent: Friday, November 14, 2003 10:24 PM > > To: [EMAIL PROTECTED] > > Subject: Exchange 2003 OWA major security flaw > > > > > > > > We have upgraded our servers to Microsoft Exchange 2003 and > noticed a > > severe security issue with OWA. When you log in with your own > > credentials you may be logged into another user's mailbox at random > > and has full access to this user's mailbox. Microsoft knows of the > > issue but does not have a fix yet. I was wondering how many others > > have seen this issue and have received the same answer from > Microsoft. > > > > This seems to be a major security flaw and we have had to > shut off OWA > > > indefinitely because of the issue. > > > > > > > > > > > > > > > > > > > > > > > > > > > > Matthew Johnson CCNA > > > > Network Administrator > > > > Investment Scorecard, Inc. > > > > 615.301.7611 > > > > [EMAIL PROTECTED] > > > www.investmentscorecard.com <http://www.investmentscorecard.com/> > > > > > ----- > Marcus Ranum's new book "The Myth of Homeland Security" is now out and > is available from http://www.amazon.com/ranum In this hard-hitting > review of the homeland security business, Ranum shows us how the > problem is vastly harder than it's being made to sound, and how > special interests, butt covering, and bureaucracy are threatening to > derail any > chance of making progress. > ----- > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=& > lang=english > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=& lang= english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang =english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang= english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=& lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]