Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Rem
Categorie: Vulnerability Posted: 2003-12-01 by ReCall Views: 405 Source: Click here
Current Rating: Not rated
Details
Description: A vulnerability was reported in Microsoft Exchange 2003 when used with Outlook Web Access and Windows SharePoint Services. The system may grant a remote authenticated user access to the wrong e-mail account.
Matthew Johnson reported that a remote authenticated user may be granted full access to a random user's mailbox.
Martin Blackstone noted that Microsoft issued a support article on the topic. Microsoft reports that when Windows SharePoint Services 2.0 is installed on a Windows Server 2003 system that is running Exchange Server 2003, Kerberos authentication on Internet Information Services (IIS) may be disabled. As a result, Outlook Web Access requests may be incorrectly handled, the report said.
Impact: A remote authenticated user may be granted full access to a random user's mailbox.
Solution: No solution was available at the time of this entry. Microsoft has issued a support article describing how to properly remove Windows SharePoint Services to return your system to a working state:
