I am currently testing an OWA (Outlook Web Access) server, and would like to know if people are aware of vulnerabilities for this webmail front-end.

After reading some literature (thanks to Google) I've found that it's a security risk on network topologies since it has to access the NT Domain Server in order to authenticate users. There are also recommendations to restrict anonymous access to the front-end.

I have been able to successfully exploit the latest vulnerability through access to /exchange/finduser/details.asp?obj=XXXX. I've also been able to automate this access to take a look at all the users (the XXX beside the obj seems to have some kind of regularity: a 64-hex number with changes around the last 8 hex). It's not as easy as it might look at first (you have to first access the logon form and take a cookie for the session).

The webmail uses a two-step process for authentication. First it asks for mailbox name, I figure it's the user's e-mail, and the second seems to be NTdomain/user+password...

Does anyone have experience with OWA penetration? I think it's not much in use there...

Regards

Javi
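A defender-side check for the access pattern described in this message, added here as an example and not part of the original post: it scans web server logs for a single client requesting many distinct `obj` values from `/exchange/finduser/details.asp`. It assumes IIS W3C extended logs with a `#Fields:` header; the function name, the threshold and the sample log lines are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Path named in the post; compared in lower case because IIS paths are case-insensitive.
TARGET = "/exchange/finduser/details.asp"

# Constructed sample log (not real traffic): one client walks four obj values,
# another looks up a single entry twice.
_PREFIX = "ab" * 28  # constructed 56-hex prefix; only the last 8 hex digits vary
SAMPLE_LOG = "\n".join(
    ["#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
     "2001-04-26 10:00:00 192.0.2.10 GET /exchange/logon.asp - 200"]
    + [f"2001-04-26 10:00:0{i} 192.0.2.10 GET /exchange/finduser/details.asp "
       f"obj={_PREFIX}{i:08x} 200" for i in range(1, 5)]
    + ["2001-04-26 10:05:00 198.51.100.7 GET /Exchange/FindUser/details.asp "
       f"obj={_PREFIX}000000ff 200"] * 2
)


def find_enumerators(log_text, threshold=3):
    """Return {client_ip: distinct obj count} for clients at or above threshold."""
    fields = []
    seen = defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the lines that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated line
        rec = dict(zip(fields, parts))
        if rec.get("cs-uri-stem", "").lower() != TARGET:
            continue
        # An empty query is logged as "-", which parse_qs turns into no keys.
        for obj in parse_qs(rec.get("cs-uri-query", "")).get("obj", []):
            seen[rec.get("c-ip", "?")].add(obj.lower())
    return {ip: len(objs) for ip, objs in seen.items() if len(objs) >= threshold}


if __name__ == "__main__":
    for ip, count in find_enumerators(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct obj values requested from {TARGET}")
```

Counting distinct values rather than raw hits keeps a user who reloads one directory entry from being flagged.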
This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 14:37:26 PDT