RE: Soka|OWA 2003|Change Password feature

• From: "Maglinger, Paul" <PMAGLINGER@xxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Fri, 17 Feb 2006 15:21:17 -0600

Why would "User A" know "User B"'s password?  That's your security
problem.

________________________________

From: Robert Lawson [mailto:rlawson@xxxxxxxx] 
Sent: Friday, February 17, 2006 15:09
To: [ExchangeList]
Subject: Soka|OWA 2003|Change Password feature


Hello All,

We are looking at the OWA 2003 "Change Password" feature for our
production environment.   The odd thing is it allows "User A" to change
the password of "User B", if "User B"'s password is known by "User A".
This seems to be a security loophole we don't want to open.  Is anyone
using the "Change Password" feature that can share their experiences?

  We are Exchange 2003 SP1 Enterprise shop.  1FE/2BE configuration.

Thanks, Robert

 

Robert Lawson

Senior Database Administrator/email administrator

Soka University of America

1 University Drive

Aliso Viejo, CA. 92656  USA

main: 949.480.4000 fax: 949.480.4258

direct: 949.480.4224 rlawson@xxxxxxxx 

Other related posts:

• » Soka|OWA 2003|Change Password feature
• » RE: Soka|OWA 2003|Change Password feature
• » RE: Soka|OWA 2003|Change Password feature
• » RE: Soka|OWA 2003|Change Password feature

1. Home
2. exchangelist
3. Archive
4. 02-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---