subject:"Exchange 2003 OWA Flaw\?"

RE: Exchange 2003 OWA Flaw?

2003-11-27 Thread David Lemson

Quite a lot of info has been posted to the following web page:

http://www.microsoft.com/exchange/support/e2k3owa.asp

David 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin
Blackstone
Sent: Saturday, November 22, 2003 9:07 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

But, one could argue that this should have been a documented scenario...
I'm not saying one way or the other. Just that it has taken an
interesting turn.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David N. Precht
Sent: Saturday, November 22, 2003 9:05 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

But...
A preliminary investigation by Microsoft indicated that the issue occurs
only with Kerberos authentication disabled, which the vendor said is
uncommon. "We recommend that our customers ensure that Kerberos
authentication is enabled, which is the default configuration,"
Microsoft said in a statement Friday. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin
Blackstone
Sent: Saturday, November 22, 2003 11:22 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?


This has taken a new turn...
http://www.infoworld.com/article/03/11/21/HNmsflaw_1.html 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Woodruff,
Michael
Sent: Friday, November 21, 2003 9:25 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

Not that I am aware of.  My boss just passed it on to me.  I'm not a
participate in that list.  I just thought it was odd since that would be
a huge flaw and Microsoft or anyone for that matter has said nothing.   

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
Sent: Friday, November 21, 2003 11:18 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

All seriousness aside, I know nothing about this issue.  

I'm inferring from the other responses to this thread that if two MVPs
have no knowledge of the issue it probably doesn't exist.  

Mike W: Were there any follow-up posts on NTBUGTRAQ about this?  

> -Original Message-
> From: Erik Sojka
> Sent: Friday, November 21, 2003 11:15 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I saw a posting about it on NTBUGTRAQ.COM.  Some guy had to shut off 
> OWA indefinitely because of the issue.
> 
> 
> 
> > -Original Message-
> > From: Martin Blackstone [mailto:[EMAIL PROTECTED]
> > Sent: Friday, November 21, 2003 11:10 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > So you have seen this?
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> > Sent: Friday, November 21, 2003 8:12 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > That's because "Microsoft knows of the issue but does not have a fix

> > yet".
> > 
> > > -Original Message-
> > > From: Ben Winzenz [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, November 21, 2003 11:10 AM
> > > To: Exchange Discussions
> > > Subject: RE: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > I have not heard of it...
> > > 
> > > 
> > > Ben Winzenz
> > > Network Engineer
> > > Gardner & White
> > > (317) 581-1580 ext 418
> > > 
> > > 
> > > -Original Message-
> > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At:
> > > Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk)
> > > Conversation: Exchange 2003 OWA Flaw?
> > > Subject: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > Is this BS or has anyone else heard of this "flaw"?
> > > 
> > > 
> > > -Original Message-
> > > From: Windows NTBugtraq Mailing List 
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Matthew Johnson
> > > Sent: Friday, November 14, 2003 10:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Exchange 2003 OWA major security flaw
> > > 
> > >  
> > > 
> > > We have upgraded our servers to Microsoft Exchange 2003 and
> > noticed a
> > > severe security issue with OWA. When you log in with your own 
> > > credentials you may be logged into another user's mailbox at 
> > > random and has full access to this user's mailbox. Microsoft knows

> > > of the issue but does not h

RE: Exchange 2003 OWA Flaw?

2003-11-22 Thread Martin Blackstone

But, one could argue that this should have been a documented scenario...
I'm not saying one way or the other. Just that it has taken an interesting
turn.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David N. Precht
Sent: Saturday, November 22, 2003 9:05 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

But...
A preliminary investigation by Microsoft indicated that the issue occurs
only with Kerberos authentication disabled, which the vendor said is
uncommon. "We recommend that our customers ensure that Kerberos
authentication is enabled, which is the default configuration,"
Microsoft said in a statement Friday. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin Blackstone
Sent: Saturday, November 22, 2003 11:22 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?


This has taken a new turn...
http://www.infoworld.com/article/03/11/21/HNmsflaw_1.html 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Woodruff, Michael
Sent: Friday, November 21, 2003 9:25 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

Not that I am aware of.  My boss just passed it on to me.  I'm not a
participate in that list.  I just thought it was odd since that would be
a huge flaw and Microsoft or anyone for that matter has said nothing.   

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
Sent: Friday, November 21, 2003 11:18 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

All seriousness aside, I know nothing about this issue.  

I'm inferring from the other responses to this thread that if two MVPs have
no knowledge of the issue it probably doesn't exist.  

Mike W: Were there any follow-up posts on NTBUGTRAQ about this?  

> -Original Message-
> From: Erik Sojka
> Sent: Friday, November 21, 2003 11:15 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I saw a posting about it on NTBUGTRAQ.COM.  Some guy had to shut off 
> OWA indefinitely because of the issue.
> 
> 
> 
> > -Original Message-
> > From: Martin Blackstone [mailto:[EMAIL PROTECTED]
> > Sent: Friday, November 21, 2003 11:10 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > So you have seen this?
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> > Sent: Friday, November 21, 2003 8:12 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > That's because "Microsoft knows of the issue but does not have a fix 
> > yet".
> > 
> > > -Original Message-
> > > From: Ben Winzenz [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, November 21, 2003 11:10 AM
> > > To: Exchange Discussions
> > > Subject: RE: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > I have not heard of it...
> > > 
> > > 
> > > Ben Winzenz
> > > Network Engineer
> > > Gardner & White
> > > (317) 581-1580 ext 418
> > > 
> > > 
> > > -Original Message-
> > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At:
> > > Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk)
> > > Conversation: Exchange 2003 OWA Flaw?
> > > Subject: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > Is this BS or has anyone else heard of this "flaw"?
> > > 
> > > 
> > > -Original Message-
> > > From: Windows NTBugtraq Mailing List 
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Matthew Johnson
> > > Sent: Friday, November 14, 2003 10:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Exchange 2003 OWA major security flaw
> > > 
> > >  
> > > 
> > > We have upgraded our servers to Microsoft Exchange 2003 and
> > noticed a
> > > severe security issue with OWA. When you log in with your own 
> > > credentials you may be logged into another user's mailbox at 
> > > random and has full access to this user's mailbox. Microsoft knows

> > > of the issue but does not have a fix yet. I was wondering how many

> > > others have seen this issue and have received the same answer from

> > > Microsoft.
> > > 
> > > This seems to be a major security flaw and we have had to
> > shut off OWA
> > > indefinitely because of the issue.
> > > 
> > >  
> > >

RE: Exchange 2003 OWA Flaw?

2003-11-22 Thread David N. Precht

But...
A preliminary investigation by Microsoft indicated that the issue occurs
only with Kerberos authentication disabled, which the vendor said is
uncommon. "We recommend that our customers ensure that Kerberos
authentication is enabled, which is the default configuration,"
Microsoft said in a statement Friday. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Martin
Blackstone
Sent: Saturday, November 22, 2003 11:22 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?


This has taken a new turn...
http://www.infoworld.com/article/03/11/21/HNmsflaw_1.html 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Woodruff,
Michael
Sent: Friday, November 21, 2003 9:25 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

Not that I am aware of.  My boss just passed it on to me.  I'm not a
participate in that list.  I just thought it was odd since that would be
a huge flaw and Microsoft or anyone for that matter has said nothing.   

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
Sent: Friday, November 21, 2003 11:18 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

All seriousness aside, I know nothing about this issue.  

I'm inferring from the other responses to this thread that if two MVPs
have no knowledge of the issue it probably doesn't exist.  

Mike W: Were there any follow-up posts on NTBUGTRAQ about this?  

> -Original Message-
> From: Erik Sojka
> Sent: Friday, November 21, 2003 11:15 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I saw a posting about it on NTBUGTRAQ.COM.  Some guy had to shut off
> OWA indefinitely because of the issue.
> 
> 
> 
> > -Original Message-
> > From: Martin Blackstone [mailto:[EMAIL PROTECTED]
> > Sent: Friday, November 21, 2003 11:10 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > So you have seen this?
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> > Sent: Friday, November 21, 2003 8:12 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > That's because "Microsoft knows of the issue but does not have a fix
> > yet".
> > 
> > > -Original Message-
> > > From: Ben Winzenz [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, November 21, 2003 11:10 AM
> > > To: Exchange Discussions
> > > Subject: RE: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > I have not heard of it...
> > > 
> > > 
> > > Ben Winzenz
> > > Network Engineer
> > > Gardner & White
> > > (317) 581-1580 ext 418
> > > 
> > > 
> > > -Original Message-
> > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At:
> > > Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk)
> > > Conversation: Exchange 2003 OWA Flaw?
> > > Subject: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > Is this BS or has anyone else heard of this "flaw"?
> > > 
> > > 
> > > -Original Message-
> > > From: Windows NTBugtraq Mailing List
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Matthew Johnson
> > > Sent: Friday, November 14, 2003 10:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Exchange 2003 OWA major security flaw
> > > 
> > >  
> > > 
> > > We have upgraded our servers to Microsoft Exchange 2003 and
> > noticed a
> > > severe security issue with OWA. When you log in with your own
> > > credentials you may be logged into another user's mailbox at 
> > > random and has full access to this user's mailbox. Microsoft knows

> > > of the issue but does not have a fix yet. I was wondering how many

> > > others have seen this issue and have received the same answer from

> > > Microsoft.
> > > 
> > > This seems to be a major security flaw and we have had to
> > shut off OWA
> > > indefinitely because of the issue.
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > > Matthew Johnson CCNA
> > > 
> > > Network Administrator
> > > 
> > > Investment Scorecard, Inc.
> > > 
> > > 615.301.7611
>

RE: Exchange 2003 OWA Flaw?

2003-11-22 Thread Martin Blackstone

This has taken a new turn...
http://www.infoworld.com/article/03/11/21/HNmsflaw_1.html 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Woodruff, Michael
Sent: Friday, November 21, 2003 9:25 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

Not that I am aware of.  My boss just passed it on to me.  I'm not a
participate in that list.  I just thought it was odd since that would be
a huge flaw and Microsoft or anyone for that matter has said nothing.   

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
Sent: Friday, November 21, 2003 11:18 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

All seriousness aside, I know nothing about this issue.  

I'm inferring from the other responses to this thread that if two MVPs have
no knowledge of the issue it probably doesn't exist.  

Mike W: Were there any follow-up posts on NTBUGTRAQ about this?  

> -Original Message-
> From: Erik Sojka
> Sent: Friday, November 21, 2003 11:15 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I saw a posting about it on NTBUGTRAQ.COM.  Some guy had to shut off 
> OWA indefinitely because of the issue.
> 
> 
> 
> > -Original Message-
> > From: Martin Blackstone [mailto:[EMAIL PROTECTED]
> > Sent: Friday, November 21, 2003 11:10 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > So you have seen this? 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> > Sent: Friday, November 21, 2003 8:12 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > That's because "Microsoft knows of the issue but does not have a fix 
> > yet".
> > 
> > > -----Original Message-
> > > From: Ben Winzenz [mailto:[EMAIL PROTECTED]
> > > Sent: Friday, November 21, 2003 11:10 AM
> > > To: Exchange Discussions
> > > Subject: RE: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > I have not heard of it... 
> > > 
> > > 
> > > Ben Winzenz
> > > Network Engineer
> > > Gardner & White
> > > (317) 581-1580 ext 418
> > > 
> > > 
> > > -Original Message-
> > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At: 
> > > Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk)
> > > Conversation: Exchange 2003 OWA Flaw?
> > > Subject: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > Is this BS or has anyone else heard of this "flaw"?
> > > 
> > > 
> > > -Original Message-
> > > From: Windows NTBugtraq Mailing List 
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Matthew Johnson
> > > Sent: Friday, November 14, 2003 10:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Exchange 2003 OWA major security flaw
> > > 
> > >  
> > > 
> > > We have upgraded our servers to Microsoft Exchange 2003 and
> > noticed a
> > > severe security issue with OWA. When you log in with your own 
> > > credentials you may be logged into another user's mailbox at 
> > > random and has full access to this user's mailbox. Microsoft knows 
> > > of the issue but does not have a fix yet. I was wondering how many 
> > > others have seen this issue and have received the same answer from 
> > > Microsoft.
> > > 
> > > This seems to be a major security flaw and we have had to
> > shut off OWA
> > > indefinitely because of the issue. 
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > > Matthew Johnson CCNA
> > > 
> > > Network Administrator
> > > 
> > > Investment Scorecard, Inc. 
> > > 
> > > 615.301.7611
> > > 
> > > [EMAIL PROTECTED]
> > > 
> > www.investmentscorecard.com <http://www.investmentscorecard.com/>
> > 
> >  
> > 
> > 
> > -
> > Marcus Ranum's new book "The Myth of Homeland Security" is
> now out and
> > is available from http://www.amazon.com/ranum In this hard-hitting 
> > review of the homeland security business, Ranum shows us how the 
> > problem is vastly harder than it's being made to sound, and how 
&g

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Jeff Beckham

I have heard of this issue in Exchange 2003 FE/BE environments.  It does
not happen without a FE server or with a 2003 FE and 2000 BE.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Woodruff,
Michael
Posted At: Friday, November 21, 2003 9:57 AM
Posted To: Exchange Discussion List
Conversation: Exchange 2003 OWA Flaw?
Subject: Exchange 2003 OWA Flaw?

Is this BS or has anyone else heard of this "flaw"?


-Original Message-
From: Windows NTBugtraq Mailing List
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Johnson
Sent: Friday, November 14, 2003 10:24 PM
To: [EMAIL PROTECTED]
Subject: Exchange 2003 OWA major security flaw

 

We have upgraded our servers to Microsoft Exchange 2003 and noticed a
severe security issue with OWA. When you log in with your own
credentials you may be logged into another user's mailbox at random and
has full access to this user's mailbox. Microsoft knows of the issue but
does not have a fix yet. I was wondering how many others have seen this
issue and have received the same answer from Microsoft.

This seems to be a major security flaw and we have had to shut off OWA
indefinitely because of the issue. 

 

 

 

 

 

 

Matthew Johnson CCNA

Network Administrator

Investment Scorecard, Inc. 

615.301.7611

[EMAIL PROTECTED]

www.investmentscorecard.com <http://www.investmentscorecard.com/> 

 


-
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, butt covering, and bureaucracy are threatening to derail any
chance of making progress.
-


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Bowles, John (OIG/OMP)

Did someone just say beer  Christ...it's Miller Time now boys/girls

_
John Bowles
Exchange Engineer
OIG/HHS
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bob Sadler
Sent: Friday, November 21, 2003 11:17 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?


So to fix this, send beer to Tom, then to Martin, then Ben, then me :)



Bob Sadler
City of Leawood, KS, USA
WAN/Internet Specialist
913-339-6700 x194

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 21, 2003 10:13 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?


I'm thinking the same thing. 
I imagine this guy managed to flub up his install some way or another
and now it's a bug to him 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz
Sent: Friday, November 21, 2003 8:15 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

I haven't seen any reports of this on any of the newsgroups or anywhere
else.  If it was this big of a flaw, I suspect there would be a big
stink about it. 


Ben Winzenz
Network Engineer
Gardner & White
(317) 581-1580 ext 418


-Original Message-
From: Erik Sojka [mailto:[EMAIL PROTECTED] 
Posted At: Friday, November 21, 2003 11:12 AM
Posted To: Exchange (Swynk)
Conversation: Exchange 2003 OWA Flaw?
Subject: RE: Exchange 2003 OWA Flaw?


That's because "Microsoft knows of the issue but does not have a fix
yet".  

> -Original Message-
> From: Ben Winzenz [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 21, 2003 11:10 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I have not heard of it...
> 
> 
> Ben Winzenz
> Network Engineer
> Gardner & White
> (317) 581-1580 ext 418
> 
> 
> -Original Message-
> From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At:
> Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk)
> Conversation: Exchange 2003 OWA Flaw?
> Subject: Exchange 2003 OWA Flaw?
> 
> 
> Is this BS or has anyone else heard of this "flaw"?
> 
> 
> -Original Message-
> From: Windows NTBugtraq Mailing List 
> [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Johnson
> Sent: Friday, November 14, 2003 10:24 PM
> To: [EMAIL PROTECTED]
> Subject: Exchange 2003 OWA major security flaw
> 
>  
> 
> We have upgraded our servers to Microsoft Exchange 2003 and noticed a
> severe security issue with OWA. When you log in with your own 
> credentials you may be logged into another user's mailbox at random 
> and has full access to this user's mailbox. Microsoft knows of the 
> issue but does not have a fix yet. I was wondering how many others 
> have seen this issue and have received the same answer from Microsoft.
> 
> This seems to be a major security flaw and we have had to shut off OWA

> indefinitely because of the issue.
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
> Matthew Johnson CCNA
> 
> Network Administrator
> 
> Investment Scorecard, Inc.
> 
> 615.301.7611
> 
> [EMAIL PROTECTED]
> 
www.investmentscorecard.com <http://www.investmentscorecard.com/> 

 


-
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, butt covering, and bureaucracy are threatening to derail any
chance of making progress.
-


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=
english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Martin Blackstone

This is no bug. This is BAS.  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Woodruff, Michael
Sent: Friday, November 21, 2003 9:25 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

Not that I am aware of.  My boss just passed it on to me.  I'm not a
participate in that list.  I just thought it was odd since that would be
a huge flaw and Microsoft or anyone for that matter has said nothing.   

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
Sent: Friday, November 21, 2003 11:18 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

All seriousness aside, I know nothing about this issue.  

I'm inferring from the other responses to this thread that if two MVPs
have no knowledge of the issue it probably doesn't exist.  

Mike W: Were there any follow-up posts on NTBUGTRAQ about this?  

> -Original Message-
> From: Erik Sojka
> Sent: Friday, November 21, 2003 11:15 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I saw a posting about it on NTBUGTRAQ.COM.  Some guy had to shut off 
> OWA indefinitely because of the issue.
> 
> 
> 
> > -Original Message-
> > From: Martin Blackstone [mailto:[EMAIL PROTECTED] 
> > Sent: Friday, November 21, 2003 11:10 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > So you have seen this? 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> > Sent: Friday, November 21, 2003 8:12 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > That's because "Microsoft knows of the issue but does not 
> > have a fix yet".  
> > 
> > > -----Original Message-
> > > From: Ben Winzenz [mailto:[EMAIL PROTECTED] 
> > > Sent: Friday, November 21, 2003 11:10 AM
> > > To: Exchange Discussions
> > > Subject: RE: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > I have not heard of it... 
> > > 
> > > 
> > > Ben Winzenz
> > > Network Engineer
> > > Gardner & White
> > > (317) 581-1580 ext 418
> > > 
> > > 
> > > -Original Message-
> > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] 
> > > Posted At: Friday, November 21, 2003 10:57 AM
> > > Posted To: Exchange (Swynk)
> > > Conversation: Exchange 2003 OWA Flaw?
> > > Subject: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > Is this BS or has anyone else heard of this "flaw"?
> > > 
> > > 
> > > -Original Message-
> > > From: Windows NTBugtraq Mailing List
> > > [mailto:[EMAIL PROTECTED] On Behalf Of 
> > Matthew Johnson
> > > Sent: Friday, November 14, 2003 10:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Exchange 2003 OWA major security flaw
> > > 
> > >  
> > > 
> > > We have upgraded our servers to Microsoft Exchange 2003 and 
> > noticed a
> > > severe security issue with OWA. When you log in with your own
> > > credentials you may be logged into another user's mailbox at 
> > > random and
> > > has full access to this user's mailbox. Microsoft knows of 
> > > the issue but
> > > does not have a fix yet. I was wondering how many others have 
> > > seen this
> > > issue and have received the same answer from Microsoft.
> > > 
> > > This seems to be a major security flaw and we have had to 
> > shut off OWA
> > > indefinitely because of the issue. 
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > > Matthew Johnson CCNA
> > > 
> > > Network Administrator
> > > 
> > > Investment Scorecard, Inc. 
> > > 
> > > 615.301.7611
> > > 
> > > [EMAIL PROTECTED]
> > > 
> > www.investmentscorecard.com <http://www.investmentscorecard.com/> 
> > 
> >  
> > 
> > 
> > -
> > Marcus Ranum's new book "The Myth of Homeland Security" is 
> now out and
> > is available from http://www.amazon.com/ranum In this hard-hitting
> > review of the homeland security business, Ranum shows us how 
> > the problem
> > is vastly harder than it's being made to sound, and ho

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Erik Sojka

It could be the poster's BAS.  

> -Original Message-
> From: Woodruff, Michael [mailto:[EMAIL PROTECTED] 
> Sent: Friday, November 21, 2003 12:25 PM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> Not that I am aware of.  My boss just passed it on to me.  I'm not a
> participate in that list.  I just thought it was odd since 
> that would be
> a huge flaw and Microsoft or anyone for that matter has said 
> nothing.   
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> Sent: Friday, November 21, 2003 11:18 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> All seriousness aside, I know nothing about this issue.  
> 
> I'm inferring from the other responses to this thread that if two MVPs
> have no knowledge of the issue it probably doesn't exist.  
> 
> Mike W: Were there any follow-up posts on NTBUGTRAQ about this?  
> 
> > -Original Message-
> > From: Erik Sojka
> > Sent: Friday, November 21, 2003 11:15 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > I saw a posting about it on NTBUGTRAQ.COM.  Some guy had to 
> shut off 
> > OWA indefinitely because of the issue.
> > 
> > 
> > 
> > > -Original Message-
> > > From: Martin Blackstone [mailto:[EMAIL PROTECTED] 
> > > Sent: Friday, November 21, 2003 11:10 AM
> > > To: Exchange Discussions
> > > Subject: RE: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > So you have seen this? 
> > > 
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of 
> Erik Sojka
> > > Sent: Friday, November 21, 2003 8:12 AM
> > > To: Exchange Discussions
> > > Subject: RE: Exchange 2003 OWA Flaw?
> > > 
> > > That's because "Microsoft knows of the issue but does not 
> > > have a fix yet".  
> > > 
> > > > -Original Message-
> > > > From: Ben Winzenz [mailto:[EMAIL PROTECTED] 
> > > > Sent: Friday, November 21, 2003 11:10 AM
> > > > To: Exchange Discussions
> > > > Subject: RE: Exchange 2003 OWA Flaw?
> > > > 
> > > > 
> > > > I have not heard of it... 
> > > > 
> > > > 
> > > > Ben Winzenz
> > > > Network Engineer
> > > > Gardner & White
> > > > (317) 581-1580 ext 418
> > > > 
> > > > 
> > > > -Original Message-
> > > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] 
> > > > Posted At: Friday, November 21, 2003 10:57 AM
> > > > Posted To: Exchange (Swynk)
> > > > Conversation: Exchange 2003 OWA Flaw?
> > > > Subject: Exchange 2003 OWA Flaw?
> > > > 
> > > > 
> > > > Is this BS or has anyone else heard of this "flaw"?
> > > > 
> > > > 
> > > > -Original Message-
> > > > From: Windows NTBugtraq Mailing List
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of 
> > > Matthew Johnson
> > > > Sent: Friday, November 14, 2003 10:24 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Exchange 2003 OWA major security flaw
> > > > 
> > > >  
> > > > 
> > > > We have upgraded our servers to Microsoft Exchange 2003 and 
> > > noticed a
> > > > severe security issue with OWA. When you log in with your own
> > > > credentials you may be logged into another user's mailbox at 
> > > > random and
> > > > has full access to this user's mailbox. Microsoft knows of 
> > > > the issue but
> > > > does not have a fix yet. I was wondering how many others have 
> > > > seen this
> > > > issue and have received the same answer from Microsoft.
> > > > 
> > > > This seems to be a major security flaw and we have had to 
> > > shut off OWA
> > > > indefinitely because of the issue. 
> > > > 
> > > >  
> > > > 
> > > >  
> > > > 
> > > >  
> > > > 
> > > >  
> > > > 
> > > >  
> > > > 
> > > >  
> > > > 
> > > > Matthew Johnson CCNA
> > > > 
> > > > Network Administrator
> > > > 
> > > > In

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Woodruff, Michael

Not that I am aware of.  My boss just passed it on to me.  I'm not a
participate in that list.  I just thought it was odd since that would be
a huge flaw and Microsoft or anyone for that matter has said nothing.   

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
Sent: Friday, November 21, 2003 11:18 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

All seriousness aside, I know nothing about this issue.  

I'm inferring from the other responses to this thread that if two MVPs
have no knowledge of the issue it probably doesn't exist.  

Mike W: Were there any follow-up posts on NTBUGTRAQ about this?  

> -Original Message-
> From: Erik Sojka
> Sent: Friday, November 21, 2003 11:15 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I saw a posting about it on NTBUGTRAQ.COM.  Some guy had to shut off 
> OWA indefinitely because of the issue.
> 
> 
> 
> > -Original Message-
> > From: Martin Blackstone [mailto:[EMAIL PROTECTED] 
> > Sent: Friday, November 21, 2003 11:10 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > So you have seen this? 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> > Sent: Friday, November 21, 2003 8:12 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > That's because "Microsoft knows of the issue but does not 
> > have a fix yet".  
> > 
> > > -----Original Message-
> > > From: Ben Winzenz [mailto:[EMAIL PROTECTED] 
> > > Sent: Friday, November 21, 2003 11:10 AM
> > > To: Exchange Discussions
> > > Subject: RE: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > I have not heard of it... 
> > > 
> > > 
> > > Ben Winzenz
> > > Network Engineer
> > > Gardner & White
> > > (317) 581-1580 ext 418
> > > 
> > > 
> > > -Original Message-
> > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] 
> > > Posted At: Friday, November 21, 2003 10:57 AM
> > > Posted To: Exchange (Swynk)
> > > Conversation: Exchange 2003 OWA Flaw?
> > > Subject: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > Is this BS or has anyone else heard of this "flaw"?
> > > 
> > > 
> > > -Original Message-
> > > From: Windows NTBugtraq Mailing List
> > > [mailto:[EMAIL PROTECTED] On Behalf Of 
> > Matthew Johnson
> > > Sent: Friday, November 14, 2003 10:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Exchange 2003 OWA major security flaw
> > > 
> > >  
> > > 
> > > We have upgraded our servers to Microsoft Exchange 2003 and 
> > noticed a
> > > severe security issue with OWA. When you log in with your own
> > > credentials you may be logged into another user's mailbox at 
> > > random and
> > > has full access to this user's mailbox. Microsoft knows of 
> > > the issue but
> > > does not have a fix yet. I was wondering how many others have 
> > > seen this
> > > issue and have received the same answer from Microsoft.
> > > 
> > > This seems to be a major security flaw and we have had to 
> > shut off OWA
> > > indefinitely because of the issue. 
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > > Matthew Johnson CCNA
> > > 
> > > Network Administrator
> > > 
> > > Investment Scorecard, Inc. 
> > > 
> > > 615.301.7611
> > > 
> > > [EMAIL PROTECTED]
> > > 
> > www.investmentscorecard.com <http://www.investmentscorecard.com/> 
> > 
> >  
> > 
> > 
> > -
> > Marcus Ranum's new book "The Myth of Homeland Security" is 
> now out and
> > is available from http://www.amazon.com/ranum In this hard-hitting
> > review of the homeland security business, Ranum shows us how 
> > the problem
> > is vastly harder than it's being made to sound, and how special
> > interests, butt covering, and bureaucracy are threatening to 
> > derail any
> > chance of making progress.
> > -
> > 
> > 
> > __

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Ali Wilkes (IT)

I seem to remember something similar when e2k came out, and it was a
permissions issue.

Don't know if I still have anything about it tho.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
Sent: Friday, November 21, 2003 11:18 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?


It's always Microsoft's fault.

> -Original Message-
> From: Martin Blackstone [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 21, 2003 11:13 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I'm thinking the same thing.
> I imagine this guy managed to flub up his install some way or 
> another and
> now it's a bug to him 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz
> Sent: Friday, November 21, 2003 8:15 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> I haven't seen any reports of this on any of the newsgroups
> or anywhere
> else.  If it was this big of a flaw, I suspect there would be a big
> stink about it. 
> 
> 
> Ben Winzenz
> Network Engineer
> Gardner & White
> (317) 581-1580 ext 418
> 
> 
> -Original Message-
> From: Erik Sojka [mailto:[EMAIL PROTECTED]
> Posted At: Friday, November 21, 2003 11:12 AM
> Posted To: Exchange (Swynk)
> Conversation: Exchange 2003 OWA Flaw?
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> That's because "Microsoft knows of the issue but does not have a fix 
> yet".
> 
> > -----Original Message-
> > From: Ben Winzenz [mailto:[EMAIL PROTECTED]
> > Sent: Friday, November 21, 2003 11:10 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > I have not heard of it...
> > 
> > 
> > Ben Winzenz
> > Network Engineer
> > Gardner & White
> > (317) 581-1580 ext 418
> > 
> > 
> > -Original Message-
> > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At:
> > Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk)
> > Conversation: Exchange 2003 OWA Flaw?
> > Subject: Exchange 2003 OWA Flaw?
> > 
> > 
> > Is this BS or has anyone else heard of this "flaw"?
> > 
> > 
> > -Original Message-
> > From: Windows NTBugtraq Mailing List 
> > [mailto:[EMAIL PROTECTED] On Behalf Of
> Matthew Johnson
> > Sent: Friday, November 14, 2003 10:24 PM
> > To: [EMAIL PROTECTED]
> > Subject: Exchange 2003 OWA major security flaw
> > 
> >  
> > 
> > We have upgraded our servers to Microsoft Exchange 2003 and
> noticed a
> > severe security issue with OWA. When you log in with your own
> > credentials you may be logged into another user's mailbox at random 
> > and has full access to this user's mailbox. Microsoft knows of the 
> > issue but does not have a fix yet. I was wondering how many others 
> > have seen this issue and have received the same answer from 
> Microsoft.
> > 
> > This seems to be a major security flaw and we have had to
> shut off OWA
> 
> > indefinitely because of the issue.
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> > Matthew Johnson CCNA
> > 
> > Network Administrator
> > 
> > Investment Scorecard, Inc.
> > 
> > 615.301.7611
> > 
> > [EMAIL PROTECTED]
> > 
> www.investmentscorecard.com <http://www.investmentscorecard.com/>
> 
>  
> 
> 
> -
> Marcus Ranum's new book "The Myth of Homeland Security" is now out and

> is available from http://www.amazon.com/ranum In this hard-hitting 
> review of the homeland security business, Ranum shows us how the 
> problem is vastly harder than it's being made to sound, and how 
> special interests, butt covering, and bureaucracy are threatening to
> derail any
> chance of making progress.
> -
> 
> 
> _
> List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> Web Interface: 
> http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t
ext_mode=&
> lang=english
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin:[EMAIL PROTECTED]
> 
> 
> 
> _
> List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> Web Interface: 
> http://intm-dl.sparklist.com/cgi-bin/lyris

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Erik Sojka

It's always Microsoft's fault.

> -Original Message-
> From: Martin Blackstone [mailto:[EMAIL PROTECTED] 
> Sent: Friday, November 21, 2003 11:13 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I'm thinking the same thing. 
> I imagine this guy managed to flub up his install some way or 
> another and
> now it's a bug to him 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz
> Sent: Friday, November 21, 2003 8:15 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> I haven't seen any reports of this on any of the newsgroups 
> or anywhere
> else.  If it was this big of a flaw, I suspect there would be a big
> stink about it. 
> 
> 
> Ben Winzenz
> Network Engineer
> Gardner & White
> (317) 581-1580 ext 418
> 
> 
> -Original Message-
> From: Erik Sojka [mailto:[EMAIL PROTECTED] 
> Posted At: Friday, November 21, 2003 11:12 AM
> Posted To: Exchange (Swynk)
> Conversation: Exchange 2003 OWA Flaw?
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> That's because "Microsoft knows of the issue but does not have a fix
> yet".  
> 
> > -----Original Message-
> > From: Ben Winzenz [mailto:[EMAIL PROTECTED]
> > Sent: Friday, November 21, 2003 11:10 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > I have not heard of it... 
> > 
> > 
> > Ben Winzenz
> > Network Engineer
> > Gardner & White
> > (317) 581-1580 ext 418
> > 
> > 
> > -Original Message-
> > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At: 
> > Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk)
> > Conversation: Exchange 2003 OWA Flaw?
> > Subject: Exchange 2003 OWA Flaw?
> > 
> > 
> > Is this BS or has anyone else heard of this "flaw"?
> > 
> > 
> > -Original Message-
> > From: Windows NTBugtraq Mailing List
> > [mailto:[EMAIL PROTECTED] On Behalf Of 
> Matthew Johnson
> > Sent: Friday, November 14, 2003 10:24 PM
> > To: [EMAIL PROTECTED]
> > Subject: Exchange 2003 OWA major security flaw
> > 
> >  
> > 
> > We have upgraded our servers to Microsoft Exchange 2003 and 
> noticed a 
> > severe security issue with OWA. When you log in with your own 
> > credentials you may be logged into another user's mailbox at random 
> > and has full access to this user's mailbox. Microsoft knows of the 
> > issue but does not have a fix yet. I was wondering how many others 
> > have seen this issue and have received the same answer from 
> Microsoft.
> > 
> > This seems to be a major security flaw and we have had to 
> shut off OWA
> 
> > indefinitely because of the issue.
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> > Matthew Johnson CCNA
> > 
> > Network Administrator
> > 
> > Investment Scorecard, Inc. 
> > 
> > 615.301.7611
> > 
> > [EMAIL PROTECTED]
> > 
> www.investmentscorecard.com <http://www.investmentscorecard.com/> 
> 
>  
> 
> 
> -
> Marcus Ranum's new book "The Myth of Homeland Security" is now out and
> is available from http://www.amazon.com/ranum In this hard-hitting
> review of the homeland security business, Ranum shows us how 
> the problem
> is vastly harder than it's being made to sound, and how special
> interests, butt covering, and bureaucracy are threatening to 
> derail any
> chance of making progress.
> -
> 
> 
> _
> List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> Web Interface:
> http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t
ext_mode=&
> lang=english
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin:[EMAIL PROTECTED]
> 
> 
> 
> _
> List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> Web Interface:
> http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t
ext_mode=&
lang=
english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Erik Sojka

All seriousness aside, I know nothing about this issue.  

I'm inferring from the other responses to this thread that if two MVPs have
no knowledge of the issue it probably doesn't exist.  

Mike W: Were there any follow-up posts on NTBUGTRAQ about this?  

> -Original Message-
> From: Erik Sojka 
> Sent: Friday, November 21, 2003 11:15 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I saw a posting about it on NTBUGTRAQ.COM.  Some guy had to 
> shut off OWA
> indefinitely because of the issue. 
> 
> 
> 
> > -Original Message-
> > From: Martin Blackstone [mailto:[EMAIL PROTECTED] 
> > Sent: Friday, November 21, 2003 11:10 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > So you have seen this? 
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> > Sent: Friday, November 21, 2003 8:12 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > That's because "Microsoft knows of the issue but does not 
> > have a fix yet".  
> > 
> > > -----Original Message-
> > > From: Ben Winzenz [mailto:[EMAIL PROTECTED] 
> > > Sent: Friday, November 21, 2003 11:10 AM
> > > To: Exchange Discussions
> > > Subject: RE: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > I have not heard of it... 
> > > 
> > > 
> > > Ben Winzenz
> > > Network Engineer
> > > Gardner & White
> > > (317) 581-1580 ext 418
> > > 
> > > 
> > > -Original Message-
> > > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] 
> > > Posted At: Friday, November 21, 2003 10:57 AM
> > > Posted To: Exchange (Swynk)
> > > Conversation: Exchange 2003 OWA Flaw?
> > > Subject: Exchange 2003 OWA Flaw?
> > > 
> > > 
> > > Is this BS or has anyone else heard of this "flaw"?
> > > 
> > > 
> > > -Original Message-
> > > From: Windows NTBugtraq Mailing List
> > > [mailto:[EMAIL PROTECTED] On Behalf Of 
> > Matthew Johnson
> > > Sent: Friday, November 14, 2003 10:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Exchange 2003 OWA major security flaw
> > > 
> > >  
> > > 
> > > We have upgraded our servers to Microsoft Exchange 2003 and 
> > noticed a
> > > severe security issue with OWA. When you log in with your own
> > > credentials you may be logged into another user's mailbox at 
> > > random and
> > > has full access to this user's mailbox. Microsoft knows of 
> > > the issue but
> > > does not have a fix yet. I was wondering how many others have 
> > > seen this
> > > issue and have received the same answer from Microsoft.
> > > 
> > > This seems to be a major security flaw and we have had to 
> > shut off OWA
> > > indefinitely because of the issue. 
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > >  
> > > 
> > > Matthew Johnson CCNA
> > > 
> > > Network Administrator
> > > 
> > > Investment Scorecard, Inc. 
> > > 
> > > 615.301.7611
> > > 
> > > [EMAIL PROTECTED]
> > > 
> > www.investmentscorecard.com <http://www.investmentscorecard.com/> 
> > 
> >  
> > 
> > 
> > -
> > Marcus Ranum's new book "The Myth of Homeland Security" is 
> now out and
> > is available from http://www.amazon.com/ranum In this hard-hitting
> > review of the homeland security business, Ranum shows us how 
> > the problem
> > is vastly harder than it's being made to sound, and how special
> > interests, butt covering, and bureaucracy are threatening to 
> > derail any
> > chance of making progress.
> > -
> > 
> > 
> > _
> > List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> > Web Interface:
> > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t
> ext_mode=&
> lang=english
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin:[EMAIL PROTECTED]
> 
> 
> 
> _
> L

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Bob Sadler

So to fix this, send beer to Tom, then to Martin, then Ben, then me :)



Bob Sadler
City of Leawood, KS, USA
WAN/Internet Specialist
913-339-6700 x194

-Original Message-
From: Martin Blackstone [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 21, 2003 10:13 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?


I'm thinking the same thing. 
I imagine this guy managed to flub up his install some way or another
and now it's a bug to him 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz
Sent: Friday, November 21, 2003 8:15 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

I haven't seen any reports of this on any of the newsgroups or anywhere
else.  If it was this big of a flaw, I suspect there would be a big
stink about it. 


Ben Winzenz
Network Engineer
Gardner & White
(317) 581-1580 ext 418


-Original Message-
From: Erik Sojka [mailto:[EMAIL PROTECTED] 
Posted At: Friday, November 21, 2003 11:12 AM
Posted To: Exchange (Swynk)
Conversation: Exchange 2003 OWA Flaw?
Subject: RE: Exchange 2003 OWA Flaw?


That's because "Microsoft knows of the issue but does not have a fix
yet".  

> -Original Message-
> From: Ben Winzenz [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 21, 2003 11:10 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I have not heard of it...
> 
> 
> Ben Winzenz
> Network Engineer
> Gardner & White
> (317) 581-1580 ext 418
> 
> 
> -Original Message-
> From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At:
> Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk)
> Conversation: Exchange 2003 OWA Flaw?
> Subject: Exchange 2003 OWA Flaw?
> 
> 
> Is this BS or has anyone else heard of this "flaw"?
> 
> 
> -Original Message-
> From: Windows NTBugtraq Mailing List 
> [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Johnson
> Sent: Friday, November 14, 2003 10:24 PM
> To: [EMAIL PROTECTED]
> Subject: Exchange 2003 OWA major security flaw
> 
>  
> 
> We have upgraded our servers to Microsoft Exchange 2003 and noticed a
> severe security issue with OWA. When you log in with your own 
> credentials you may be logged into another user's mailbox at random 
> and has full access to this user's mailbox. Microsoft knows of the 
> issue but does not have a fix yet. I was wondering how many others 
> have seen this issue and have received the same answer from Microsoft.
> 
> This seems to be a major security flaw and we have had to shut off OWA

> indefinitely because of the issue.
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
> Matthew Johnson CCNA
> 
> Network Administrator
> 
> Investment Scorecard, Inc.
> 
> 615.301.7611
> 
> [EMAIL PROTECTED]
> 
www.investmentscorecard.com <http://www.investmentscorecard.com/> 

 


-
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, butt covering, and bureaucracy are threatening to derail any
chance of making progress.
-


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=
english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang
=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Martin Blackstone

I'm thinking the same thing. 
I imagine this guy managed to flub up his install some way or another and
now it's a bug to him 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ben Winzenz
Sent: Friday, November 21, 2003 8:15 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

I haven't seen any reports of this on any of the newsgroups or anywhere
else.  If it was this big of a flaw, I suspect there would be a big
stink about it. 


Ben Winzenz
Network Engineer
Gardner & White
(317) 581-1580 ext 418


-Original Message-
From: Erik Sojka [mailto:[EMAIL PROTECTED] 
Posted At: Friday, November 21, 2003 11:12 AM
Posted To: Exchange (Swynk)
Conversation: Exchange 2003 OWA Flaw?
Subject: RE: Exchange 2003 OWA Flaw?


That's because "Microsoft knows of the issue but does not have a fix
yet".  

> -Original Message-
> From: Ben Winzenz [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 21, 2003 11:10 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I have not heard of it... 
> 
> 
> Ben Winzenz
> Network Engineer
> Gardner & White
> (317) 581-1580 ext 418
> 
> 
> -Original Message-
> From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At: 
> Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk)
> Conversation: Exchange 2003 OWA Flaw?
> Subject: Exchange 2003 OWA Flaw?
> 
> 
> Is this BS or has anyone else heard of this "flaw"?
> 
> 
> -Original Message-
> From: Windows NTBugtraq Mailing List
> [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Johnson
> Sent: Friday, November 14, 2003 10:24 PM
> To: [EMAIL PROTECTED]
> Subject: Exchange 2003 OWA major security flaw
> 
>  
> 
> We have upgraded our servers to Microsoft Exchange 2003 and noticed a 
> severe security issue with OWA. When you log in with your own 
> credentials you may be logged into another user's mailbox at random 
> and has full access to this user's mailbox. Microsoft knows of the 
> issue but does not have a fix yet. I was wondering how many others 
> have seen this issue and have received the same answer from Microsoft.
> 
> This seems to be a major security flaw and we have had to shut off OWA

> indefinitely because of the issue.
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
> Matthew Johnson CCNA
> 
> Network Administrator
> 
> Investment Scorecard, Inc. 
> 
> 615.301.7611
> 
> [EMAIL PROTECTED]
> 
www.investmentscorecard.com <http://www.investmentscorecard.com/> 

 


-
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, butt covering, and bureaucracy are threatening to derail any
chance of making progress.
-


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=
english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang
=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Erik Sojka

I saw a posting about it on NTBUGTRAQ.COM.  Some guy had to shut off OWA
indefinitely because of the issue. 



> -Original Message-
> From: Martin Blackstone [mailto:[EMAIL PROTECTED] 
> Sent: Friday, November 21, 2003 11:10 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> So you have seen this? 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
> Sent: Friday, November 21, 2003 8:12 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> That's because "Microsoft knows of the issue but does not 
> have a fix yet".  
> 
> > -Original Message-
> > From: Ben Winzenz [mailto:[EMAIL PROTECTED] 
> > Sent: Friday, November 21, 2003 11:10 AM
> > To: Exchange Discussions
> > Subject: RE: Exchange 2003 OWA Flaw?
> > 
> > 
> > I have not heard of it... 
> > 
> > 
> > Ben Winzenz
> > Network Engineer
> > Gardner & White
> > (317) 581-1580 ext 418
> > 
> > 
> > -Original Message-
> > From: Woodruff, Michael [mailto:[EMAIL PROTECTED] 
> > Posted At: Friday, November 21, 2003 10:57 AM
> > Posted To: Exchange (Swynk)
> > Conversation: Exchange 2003 OWA Flaw?
> > Subject: Exchange 2003 OWA Flaw?
> > 
> > 
> > Is this BS or has anyone else heard of this "flaw"?
> > 
> > 
> > -Original Message-
> > From: Windows NTBugtraq Mailing List
> > [mailto:[EMAIL PROTECTED] On Behalf Of 
> Matthew Johnson
> > Sent: Friday, November 14, 2003 10:24 PM
> > To: [EMAIL PROTECTED]
> > Subject: Exchange 2003 OWA major security flaw
> > 
> >  
> > 
> > We have upgraded our servers to Microsoft Exchange 2003 and 
> noticed a
> > severe security issue with OWA. When you log in with your own
> > credentials you may be logged into another user's mailbox at 
> > random and
> > has full access to this user's mailbox. Microsoft knows of 
> > the issue but
> > does not have a fix yet. I was wondering how many others have 
> > seen this
> > issue and have received the same answer from Microsoft.
> > 
> > This seems to be a major security flaw and we have had to 
> shut off OWA
> > indefinitely because of the issue. 
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> > Matthew Johnson CCNA
> > 
> > Network Administrator
> > 
> > Investment Scorecard, Inc. 
> > 
> > 615.301.7611
> > 
> > [EMAIL PROTECTED]
> > 
> www.investmentscorecard.com <http://www.investmentscorecard.com/> 
> 
>  
> 
> 
> -
> Marcus Ranum's new book "The Myth of Homeland Security" is now out and
> is available from http://www.amazon.com/ranum In this hard-hitting
> review of the homeland security business, Ranum shows us how 
> the problem
> is vastly harder than it's being made to sound, and how special
> interests, butt covering, and bureaucracy are threatening to 
> derail any
> chance of making progress.
> -
> 
> 
> _
> List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
> Web Interface:
> http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t
ext_mode=&
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang
=
english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang
=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=
english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Ben Winzenz

I haven't seen any reports of this on any of the newsgroups or anywhere
else.  If it was this big of a flaw, I suspect there would be a big
stink about it. 


Ben Winzenz
Network Engineer
Gardner & White
(317) 581-1580 ext 418


-Original Message-
From: Erik Sojka [mailto:[EMAIL PROTECTED] 
Posted At: Friday, November 21, 2003 11:12 AM
Posted To: Exchange (Swynk)
Conversation: Exchange 2003 OWA Flaw?
Subject: RE: Exchange 2003 OWA Flaw?


That's because "Microsoft knows of the issue but does not have a fix
yet".  

> -Original Message-
> From: Ben Winzenz [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 21, 2003 11:10 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I have not heard of it... 
> 
> 
> Ben Winzenz
> Network Engineer
> Gardner & White
> (317) 581-1580 ext 418
> 
> 
> -Original Message-
> From: Woodruff, Michael [mailto:[EMAIL PROTECTED] Posted At: 
> Friday, November 21, 2003 10:57 AM Posted To: Exchange (Swynk)
> Conversation: Exchange 2003 OWA Flaw?
> Subject: Exchange 2003 OWA Flaw?
> 
> 
> Is this BS or has anyone else heard of this "flaw"?
> 
> 
> -Original Message-
> From: Windows NTBugtraq Mailing List
> [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Johnson
> Sent: Friday, November 14, 2003 10:24 PM
> To: [EMAIL PROTECTED]
> Subject: Exchange 2003 OWA major security flaw
> 
>  
> 
> We have upgraded our servers to Microsoft Exchange 2003 and noticed a 
> severe security issue with OWA. When you log in with your own 
> credentials you may be logged into another user's mailbox at random 
> and has full access to this user's mailbox. Microsoft knows of the 
> issue but does not have a fix yet. I was wondering how many others 
> have seen this issue and have received the same answer from Microsoft.
> 
> This seems to be a major security flaw and we have had to shut off OWA

> indefinitely because of the issue.
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
> Matthew Johnson CCNA
> 
> Network Administrator
> 
> Investment Scorecard, Inc. 
> 
> 615.301.7611
> 
> [EMAIL PROTECTED]
> 
www.investmentscorecard.com <http://www.investmentscorecard.com/> 

 


-
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, butt covering, and bureaucracy are threatening to derail any
chance of making progress.
-


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=
english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Martin Blackstone

So you have seen this? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik Sojka
Sent: Friday, November 21, 2003 8:12 AM
To: Exchange Discussions
Subject: RE: Exchange 2003 OWA Flaw?

That's because "Microsoft knows of the issue but does not have a fix yet".  

> -Original Message-
> From: Ben Winzenz [mailto:[EMAIL PROTECTED] 
> Sent: Friday, November 21, 2003 11:10 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I have not heard of it... 
> 
> 
> Ben Winzenz
> Network Engineer
> Gardner & White
> (317) 581-1580 ext 418
> 
> 
> -Original Message-
> From: Woodruff, Michael [mailto:[EMAIL PROTECTED] 
> Posted At: Friday, November 21, 2003 10:57 AM
> Posted To: Exchange (Swynk)
> Conversation: Exchange 2003 OWA Flaw?
> Subject: Exchange 2003 OWA Flaw?
> 
> 
> Is this BS or has anyone else heard of this "flaw"?
> 
> 
> -Original Message-
> From: Windows NTBugtraq Mailing List
> [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Johnson
> Sent: Friday, November 14, 2003 10:24 PM
> To: [EMAIL PROTECTED]
> Subject: Exchange 2003 OWA major security flaw
> 
>  
> 
> We have upgraded our servers to Microsoft Exchange 2003 and noticed a
> severe security issue with OWA. When you log in with your own
> credentials you may be logged into another user's mailbox at 
> random and
> has full access to this user's mailbox. Microsoft knows of 
> the issue but
> does not have a fix yet. I was wondering how many others have 
> seen this
> issue and have received the same answer from Microsoft.
> 
> This seems to be a major security flaw and we have had to shut off OWA
> indefinitely because of the issue. 
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
> Matthew Johnson CCNA
> 
> Network Administrator
> 
> Investment Scorecard, Inc. 
> 
> 615.301.7611
> 
> [EMAIL PROTECTED]
> 
www.investmentscorecard.com <http://www.investmentscorecard.com/> 

 


-
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, butt covering, and bureaucracy are threatening to derail any
chance of making progress.
-


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang
=
english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang
=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Erik Sojka

That's because "Microsoft knows of the issue but does not have a fix yet".  

> -Original Message-
> From: Ben Winzenz [mailto:[EMAIL PROTECTED] 
> Sent: Friday, November 21, 2003 11:10 AM
> To: Exchange Discussions
> Subject: RE: Exchange 2003 OWA Flaw?
> 
> 
> I have not heard of it... 
> 
> 
> Ben Winzenz
> Network Engineer
> Gardner & White
> (317) 581-1580 ext 418
> 
> 
> -Original Message-
> From: Woodruff, Michael [mailto:[EMAIL PROTECTED] 
> Posted At: Friday, November 21, 2003 10:57 AM
> Posted To: Exchange (Swynk)
> Conversation: Exchange 2003 OWA Flaw?
> Subject: Exchange 2003 OWA Flaw?
> 
> 
> Is this BS or has anyone else heard of this "flaw"?
> 
> 
> -Original Message-
> From: Windows NTBugtraq Mailing List
> [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Johnson
> Sent: Friday, November 14, 2003 10:24 PM
> To: [EMAIL PROTECTED]
> Subject: Exchange 2003 OWA major security flaw
> 
>  
> 
> We have upgraded our servers to Microsoft Exchange 2003 and noticed a
> severe security issue with OWA. When you log in with your own
> credentials you may be logged into another user's mailbox at 
> random and
> has full access to this user's mailbox. Microsoft knows of 
> the issue but
> does not have a fix yet. I was wondering how many others have 
> seen this
> issue and have received the same answer from Microsoft.
> 
> This seems to be a major security flaw and we have had to shut off OWA
> indefinitely because of the issue. 
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
> Matthew Johnson CCNA
> 
> Network Administrator
> 
> Investment Scorecard, Inc. 
> 
> 615.301.7611
> 
> [EMAIL PROTECTED]
> 
www.investmentscorecard.com <http://www.investmentscorecard.com/> 

 


-
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, butt covering, and bureaucracy are threatening to derail any
chance of making progress.
-


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=
english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange 2003 OWA Flaw?

2003-11-21 Thread Ben Winzenz

I have not heard of it... 


Ben Winzenz
Network Engineer
Gardner & White
(317) 581-1580 ext 418


-Original Message-
From: Woodruff, Michael [mailto:[EMAIL PROTECTED] 
Posted At: Friday, November 21, 2003 10:57 AM
Posted To: Exchange (Swynk)
Conversation: Exchange 2003 OWA Flaw?
Subject: Exchange 2003 OWA Flaw?


Is this BS or has anyone else heard of this "flaw"?


-Original Message-
From: Windows NTBugtraq Mailing List
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Johnson
Sent: Friday, November 14, 2003 10:24 PM
To: [EMAIL PROTECTED]
Subject: Exchange 2003 OWA major security flaw

 

We have upgraded our servers to Microsoft Exchange 2003 and noticed a
severe security issue with OWA. When you log in with your own
credentials you may be logged into another user's mailbox at random and
has full access to this user's mailbox. Microsoft knows of the issue but
does not have a fix yet. I was wondering how many others have seen this
issue and have received the same answer from Microsoft.

This seems to be a major security flaw and we have had to shut off OWA
indefinitely because of the issue. 

 

 

 

 

 

 

Matthew Johnson CCNA

Network Administrator

Investment Scorecard, Inc. 

615.301.7611

[EMAIL PROTECTED]

www.investmentscorecard.com <http://www.investmentscorecard.com/> 

 


-
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, butt covering, and bureaucracy are threatening to derail any
chance of making progress.
-


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

Exchange 2003 OWA Flaw?

2003-11-21 Thread Woodruff, Michael

Is this BS or has anyone else heard of this "flaw"?

-Original Message-
From: Windows NTBugtraq Mailing List
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Johnson
Sent: Friday, November 14, 2003 10:24 PM
To: [EMAIL PROTECTED]
Subject: Exchange 2003 OWA major security flaw

We have upgraded our servers to Microsoft Exchange 2003 and noticed a
severe security issue with OWA. When you log in with your own
credentials you may be logged into another user's mailbox at random and
has full access to this user's mailbox. Microsoft knows of the issue but
does not have a fix yet. I was wondering how many others have seen this
issue and have received the same answer from Microsoft.

This seems to be a major security flaw and we have had to shut off OWA
indefinitely because of the issue. 

Matthew Johnson CCNA

Network Administrator

Investment Scorecard, Inc. 

615.301.7611

[EMAIL PROTECTED]

www.investmentscorecard.com  

-
Marcus Ranum's new book "The Myth of Homeland Security" is now out and
is available from http://www.amazon.com/ranum In this hard-hitting
review of the homeland security business, Ranum shows us how the problem
is vastly harder than it's being made to sound, and how special
interests, butt covering, and bureaucracy are threatening to derail any
chance of making progress.
-

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

RE: Exchange 2003 OWA Flaw?

Exchange 2003 OWA Flaw?

20 matches

Site Navigation

Mail list logo

Footer information