|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [Full-disclosure] Secure OWA
From: Renshaw, Rick \(C.\) (rrenshaw
ford.com)
Date: Wed Aug 30 2006 - 08:06:55 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----Original Message-----
From: full-disclosure-bounceslists.grok.org.uk
[mailto:full-disclosure-bounceslists.grok.org.uk] On Behalf Of Dude
VanWinkle
Sent: Saturday, August 26, 2006 2:30 PM
To: Adriel Desautels
Cc: full-disclosurelists.grok.org.uk
Subject: Re: [Full-disclosure] Secure OWA
> The only real fault I know about is the fact that you can guess passwords
eternally without locking out user accounts.
There's two sides to this risk. If you allow OWA logins to lock out
accounts, and your OWA page is available from anywhere on the Internet, you
are handing an easy DOS tool to anyone that knows the account names for
people on your server.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- application/x-pkcs7-signature attachment: smime.p7s
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]