February 15th, 2005, 02:13 PM
#1
For the OWA Admins out there.
There is a vulnerability out there that allows a malicious person to redirect your users away from your trusted site to another that appears to be a "normal" login screen. The user login obviously "fails" and the user is then redirected back to the trusted server's login screen. Obviously, in the meantime, the user's login credentials have been hijacked.
Source
Since this requires a user to click on, or cut and paste, a malformed URL, the current mitigation is to instruct all users not to, under any circumstances, follow links to their OWA that are sent to them or that appear on any web page, except, maybe, on the corporate intranet if you link them there.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
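A mail-gateway or proxy check for the kind of link the post describes, as an added example that is not part of the original post. It assumes the redirect target travels in a query-string value of a link to the trusted server; the hostname `owa.example.com` and the parameter name `next` are constructed placeholders, not details from the advisory.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: placeholder for the organisation's real OWA hostname.
TRUSTED_OWA_HOST = "owa.example.com"


def external_redirect_targets(link, trusted_host=TRUSTED_OWA_HOST):
    """Return (parameter, host) pairs for query values in a link to the
    trusted host that name an absolute URL on some other host."""
    try:
        parts = urlsplit(link)
    except ValueError:
        return []
    if (parts.hostname or "").lower() != trusted_host:
        return []  # not a link to our OWA server; out of scope here
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        candidate = unquote(value).strip()
        if candidate.startswith("//"):
            candidate = "http:" + candidate  # protocol-relative target
        try:
            target = urlsplit(candidate)
        except ValueError:
            continue
        host = (target.hostname or "").lower()
        if target.scheme in ("http", "https") and host and host != trusted_host:
            hits.append((name, host))
    return hits


# Constructed sample links (not taken from the advisory).
SAMPLES = [
    "https://owa.example.com/login?next=https%3A%2F%2Flogin.example.net%2Fowa",
    "https://owa.example.com/login?next=https%253A%252F%252Flogin.example.net",
    "https://owa.example.com/login?next=//login.example.net/owa",
    "https://owa.example.com/login?next=https://owa.example.com/inbox",
    "https://owa.example.com/login?next=/inbox",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", external_redirect_targets(sample) or "ok")
```

Links that return a non-empty list can be quarantined or rewritten before they reach users, which backs up the user-education mitigation above.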