Outlook On The Web Security Risk!!!

  • From: "Phil Marano" <pmarano@xxxxxxxx>
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Thu, 9 Feb 2006 10:53:13 -0700

Does anyone know how to prevent users once they are logged into their mail
account via the web client from adding another users email account name to
the end of the current web address and viewing that persons mailbox?

(ie:
http://mail.yourdomain.com/exchange/jdoe
<---- adding a users account name to then of the /exchange/ directory will 
allow that person to view anyone mailbox.)

This is exchange 2003


Other related posts: