RE: Outlook On The Web Security Risk!!!

  • From: Tom Kern <tpkern@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 9 Feb 2006 14:15:46 -0500

Actually, unless you change the default ACL's, as an admin you shouldn't be
able to open up user's mailboxes either....

On 2/9/06, Dee Arnold <Deea@xxxxxxxx> wrote:
>
> http://www.MSExchange.org/
>
> If you are an administrator, you will be able to do this. Have you logged
> in
> as a common user and tried it?
>
> -----Original Message-----
> From: Bob Fronk [mailto:bobfronk@xxxxxxxxx]
> Sent: Thursday, February 09, 2006 12:32 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Outlook On The Web Security Risk!!!
>
> http://www.MSExchange.org/
>
> It shouldn't.... You have a permissions issue somewhere.
>
> Bob Fronk
> bobfronk@xxxxxxxxx
> > -----Original Message-----
> > From: Phil Marano [mailto:pmarano@xxxxxxxx]
> > Sent: Thursday, February 09, 2006 12:53 PM
> > To: [ExchangeList]
> > Subject: [exchangelist] Outlook On The Web Security Risk!!!
> >
> > http://www.MSExchange.org/
> >
> > Does anyone know how to prevent users once they are logged into their
> > mail account via the web client from adding another users email
> > account name to the end of the current web address and viewing that
> persons
> mailbox?
> >
> > (ie:
> > http://mail.yourdomain.com/exchange/jdoe
> > <---- adding a users account name to then of the /exchange/ directory
> > will allow that person to view anyone mailbox.)
> >
> > This is exchange 2003
> >
> > ------------------------------------------------------
> > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this MSExchange.org Discussion List as:
> > bfronk@xxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Report abuse to info@xxxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this MSExchange.org Discussion List as:
> deea@xxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to info@xxxxxxxxxxxxxx
>
>
>
> #####################################################################################
> Only the individual sender is responsible for the content of the message,
> and the message does not necessarily reflect the position or policy of the
> Texas State Teachers Association or its affiliates.
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this MSExchange.org Discussion List as:
> tpkern@xxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to info@xxxxxxxxxxxxxx
>

Other related posts:

  1. Home
  2. exchangelist
  3. Archive
  4. 02-2006