• Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Authentication Question

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2010] >> Outlook Web Access >> Authentication Question Page: [1]
Message << Older Topic   Newer Topic >>
Authentication Question - 22.Feb.2010 6:41:43 PM   


Posts: 3
Joined: 12.Feb.2010
Status: offline
Hey everyone...

I've noticed something majorly wierd. I recently had to change my password  from within OWA. I've rebooted my system. Even used other browsers. But no matter what I can log in with my old password. Whats really bizare is that I can log in with up to the last 3 passwords I've used on this system (windows xp pro at work) or even my machine I use for testing connectivity outside the company network (linux box). For the one I use work - I can reboot, and log in to other profiles, even those I've never used webmail before in, and it still loads up my webmail with my old passwords. I've tried using a complete different station - and I wasn't able to log in with the old passwords at all. This leads me to believe its a cached credential that is persisitant to the browser. I have not tried to log into webmail under a different profile from my linux box outside the network.

When I log in with my old passwords, I am able to send and recieve email, change settings, including changing the password.

This has me and the others in our I.T. department worried about security. Because this doesn't seem to matter which profile one log's into, and as long as someone uses the same machine, knows one of the older passwords, a person can gain full access to someone else's email.

Has anyone seen or heard of anything like this before? We are using Exchange 2007 on Server 2008.
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2010] >> Outlook Web Access >> Authentication Question Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Follow TechGenix on Twitter