[19930] in bugtraq
Re: Security bugs in interactions between IE 5.x,
daemon@ATHENA.MIT.EDU (Chad Kalmes)
Fri Mar 30 01:16:47 2001
Message-ID: <20010328181631.11754.qmail@securityfocus.com>
Date: Wed, 28 Mar 2001 18:16:31 -0000
Reply-To: chad.j.kalmes@US.ARTHURANDERSEN.COM
From: Chad Kalmes <chad.j.kalmes@US.ARTHURANDERSEN.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

I've tested this out and the query seems to run fine
and returns the stated information, but only if the
Exchange resources via the web don't require
authentication. If they do, you need to know the other
user's password in order to list out the directory
contents.

Who would allow web access to a mail server that
does not require the user to authenticate to view their
mail? Basic security settings seem to prevent this
from being an issue.

Chad Kalmes