Re: OWA - Change Password Security Risk?

  • From: "Abner Carvalho" <astronobaldo@xxxxxxxxxxx>
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Fri, 04 Apr 2003 14:20:17 +0000

Hi Rob,

   Take a look in the following site:

       - http://www.securityfocus.com/bid/2110/discussion

It is to IIS 4.0 but I think that can help you.

Regards,

Abner Carvalho






From: "Hemmings, Rob" <Rob.Hemmings@xxxxxxxxxxxxx>
Reply-To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
Subject: [exchangelist] OWA - Change Password Security Risk?
Date: Fri, 4 Apr 2003 15:09:34 +0100

Hi,

I have an E2K Front-end Server in my DMZ. When running the IIS Lockdown
and various other security bits and bobs, the ability for OWA users to
change passwords was taken out (this was recommended to me by an E2K
Guru).

I am now being asked by my client as to why the password change feature
was removed. The best reply I was able to give (from my initial chat
with the E2K guy) was "It's a security risk".

Now I can't get hold of the guy to ask him specifically 'why' it was
taken out. And I can't find any tech bulletins to back this argument
up.....

Does anyone know of any 'sound' technical reasons as to why the password
change feature should be taken out of an internet-visible OWA box? And
why it should stay out????

TIA.

Regards
Rob Hemmings
Bexley Mail Administrator / Postmaster

rob.hemmings@xxxxxxxxxxxxx <mailto:rob.hemmings@xxxxxxxxxxxxx>

-----------------------------------------------------------------------------------------


This email is confidential and intended solely for the use of the individual to whom it is addressed. If you are not the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited.


If you have received this email in error please notify Bexley Council by telephone on +44 (0) 20 8303 7777.

Web Site: http://www.bexley.gov.uk


_________________________________________________________________
MSN Hotmail, o maior webmail do Brasil.  http://www.hotmail.com



Other related posts: