OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Info about Microsoft Exchange application protocol
From: Walter Williams (walter.williamsGENUITY.COM)
Date: Mon Apr 24 2000 - 23:24:38 CDT

There are a number of possible protocols at work here:

SMTP
IMAP 4
POP 3
LDAP 3

MAPI

So the first question becomes what is the nature of Outlook's configuration,
(Open Internet or Corporate Workgroup). Corporate Workgroup is limited to
MAPI, POP & SMTP. Open Internet is limited to SMTP, IMAP, POP & LDAP.

How the password is sent is a derivitive of that. If MAPI, then yes Outlook
passes a token of the password to the server. If POP, IMAP (Autheniticated
SMTP) any password may be sent as clear text unless the Exchange server is
configured to offer an encrypted authentication on these protocols and the
client is configured in a simular manner.

Walt

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEVSECURITYFOCUS.COM]On Behalf Of
Bobby, Paul
Sent: Monday, April 24, 2000 3:37 PM
To: VULN-DEVSECURITYFOCUS.COM
Subject: Info about Microsoft Exchange application protocol

I haven't done an exhaustive search, but asking here is part of it.

Where can I find information about the protocol exchange between Microsoft
Outlook and Exchange? Is the userid and password a standard windows client->
windows server exchange?

Paul Bobby
-----------------
<dream> Got Root? </dream>