lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <B3474FD71F67D4118C5800508B693A20027CB804@it-exch.instill.com>
Date: Fri, 23 May 2003 10:17:54 -0700
From: Chris Robertson <Chris.Robertson@...till.com>
To: "'bugtraq@...urityfocus.com'" <bugtraq@...urityfocus.com>
Subject: RE: Outlook Web Access authentication bypass


Please disregard this.  A configuration change had been unknowingly made on
the Exchange server (making the test account an Exchange Admin).

I sincerly apologize for any confusion this may have caused.

Chris Robertson

-----Original Message-----
From: Chris Robertson [mailto:Chris.Robertson@...till.com]
Sent: Friday, May 23, 2003 1:03 AM
To: 'bugtraq@...urityfocus.com'
Subject: Outlook Web Access authentication bypass


This exploit exhibits the same symptoms as CAN-2002-0507 however I have
found it is possible on an Exchange 5.5 (patches current to within ~3
months) single system Outlook Web Access install (IIS and 
Exchange on the
same server) to access any mailbox once the client has been successfully
authenticated in Netscape 7.0 on Windows 2k and Redhat 7.2, 
Mozilla 1.0.1,
Galeon 1.2.5, and Konqueror 3.0.3-13 on Redhat 8.0.  
Additionally under IE
5.50.4807.2300 it is possible to get the same behavior by canceling an
attempted login to a non-authorized mailbox and editing the url from
..."isnewwindow=0"... to ..."isnewwindow=1"...

Does anyone have anymore info on this?

Thanks,
Chris Robertson
Security Engineer
Instill Corp.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ