Is exchange server 2007 webmail vulnerable to automatic repetitive submission to the login page?
Dear Folk,
I was trying the "exchange server 2007 32-bit" for testing purposes only
-I saved the default login page of the webmail as html on the desktop.
-I changed the url of the form in the saved document to be
https://servername/owa/auth/owaauth.dll
-I opened the saved html document.
-I put the credentials I use always
-I clicked on the "Log On" button
-I succeeded!!!
I expect an answer from the microsoft support teamMCITP Enterprise Messaging Administrator, MCITP Enterprise Administrator, MCSE, MCDBA
October 4th, 2010 2:21pm
What's the question?
Free Windows Admin Tool Kit Click here and download it now
October 4th, 2010 3:20pm
Can't you see a security breach in this senario?MCITP Enterprise Messaging Administrator, MCITP Enterprise Administrator, MCSE, MCDBA
October 4th, 2010 3:42pm
Dear All ,
The login action is vulnerable to a repetitive login attempt without any security steps such as
1-security code/token per each request…
2-referer check
3-captcha security image
Etc..
Is this right?
I need a qualified person to answer this question.MCITP Enterprise Messaging Administrator, MCITP Enterprise Administrator, MCSE, MCDBA
Free Windows Admin Tool Kit Click here and download it now
October 8th, 2010 7:36am