CVE Certified

OWA Public folders & Address book

prev next

Google search: inurl:root.asp?acs=anon

Hits: 10443

Submited: 2004-06-19

This search jumps right to the main page of Outlook Web Access Public Folders and the Exchange Address Book:.An attacker can use the addressbook to enumerate usernames anonymously without having to logon. These usernames can then be used to guess the mailbox passwords. An attacker can also browse the public folders to gather extra information about the organisation.