Info

Last Modified

6 months ago

Percent Complete

100%

Disclosure

May 23, 2003

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Microsoft Exchange Outlook Web Access (OWA) contains a flaw that may allow a malicious user to access an OWA account without authenticating with SecurID. The issue is triggered when authenticating with SecureID to an email account through OWA. It is possible that the flaw may allow an attacker to log out of the primary email account and access a other OWA accounts without having to re-authenticate using SecurID and result in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Remote/Network Access Required
Attack Type: Authentication Management
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation	Exchange Server	5.5 SP4
		2000
		2000 SP1
		2000 SP2
		5.5
		5.5 SP1
		5.5 SP2
		5.5 SP3

RSA Security

SecurID

5.0

References

Bugtraq ID: 4390
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2002-03/0354.html
ISS X-Force ID: 8681
Mail List Post: http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-05/0255.html
CVE ID: 2002-0507 (see also: NVD)

Credit

Marzio Scalise - marzioscalisekpmg.it - KPMG Information Risk Management - Italy

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Exchange Server

RSA Security

SecurID

References

Credit

Blogs

Comments