|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Info about Microsoft Exchange application protocol
From: Headley, Kevin (KHeadley
DLJ.COM)Date: Tue Apr 25 2000 - 08:57:16 CDT
- Next message: Granquist, Lamont: "Re: No-Exec Stack Smashing 101"
- Previous message: John Bock: "Re: DOS on inetd w/ nmap"
- Maybe in reply to: Bobby, Paul: "Info about Microsoft Exchange application protocol"
- Next in thread: David Gaspar: "Re: Info about Microsoft Exchange application protocol"
- Maybe reply: Headley, Kevin: "Re: Info about Microsoft Exchange application protocol"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gentlemen:
Please remember that the client itself can be configured to send clear text.
The protocol feature in later versions of Exchange server accepts this by
default.
The following article gives a precise breakdown of how this is arranged:
http://support.microsoft.com/support/kb/articles/Q175/4/40.ASP
> -----Original Message-----
> From: Walter Williams [SMTP:walter.williamsGENUITY.COM]
> Sent: Tuesday, April 25, 2000 12:25 AM
> To: VULN-DEVsecurityfocus.com
> Subject: Re: Info about Microsoft Exchange application protocol
>
> There are a number of possible protocols at work here:
>
> SMTP
> IMAP 4
> POP 3
> LDAP 3
>
> MAPI
>
> So the first question becomes what is the nature of Outlook's
> configuration,
> (Open Internet or Corporate Workgroup). Corporate Workgroup is limited to
> MAPI, POP & SMTP. Open Internet is limited to SMTP, IMAP, POP & LDAP.
>
> How the password is sent is a derivitive of that. If MAPI, then yes
> Outlook
> passes a token of the password to the server. If POP, IMAP
> (Autheniticated
> SMTP) any password may be sent as clear text unless the Exchange server is
> configured to offer an encrypted authentication on these protocols and the
> client is configured in a simular manner.
>
> Walt
>
> -----Original Message-----
> From: VULN-DEV List [mailto:VULN-DEVSECURITYFOCUS.COM]On Behalf Of
> Bobby, Paul
> Sent: Monday, April 24, 2000 3:37 PM
> To: VULN-DEVSECURITYFOCUS.COM
> Subject: Info about Microsoft Exchange application protocol
>
>
> I haven't done an exhaustive search, but asking here is part of it.
>
> Where can I find information about the protocol exchange between Microsoft
> Outlook and Exchange? Is the userid and password a standard windows
> client->
> windows server exchange?
>
> Paul Bobby
> -----------------
> <dream> Got Root? </dream>
- Next message: Granquist, Lamont: "Re: No-Exec Stack Smashing 101"
- Previous message: John Bock: "Re: DOS on inetd w/ nmap"
- Maybe in reply to: Bobby, Paul: "Info about Microsoft Exchange application protocol"
- Next in thread: David Gaspar: "Re: Info about Microsoft Exchange application protocol"
- Maybe reply: Headley, Kevin: "Re: Info about Microsoft Exchange application protocol"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]