Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Exchange security hole

Status
Not open for further replies.
danno74

danno74

IS-IT--Management
Nov 13, 2002
295
US
This is bad...

A company I work with has outlook web access on an Exchange 2000 SP2 server. When they type in that address to get in, like this:


Problem is, when you enter in someone else's username at the end of the link, and then the prompt comes up and you enter YOUR username and pass, you can see THEIR inbox! Has anyone seen this before, and if so, how the hell can you stop it?

Thanks.
 
Sort by date Sort by votes
You either have delegated rights or you are using an account that has rights to view that mailbox.

It does not work like that when (default) permissions are set correctly.
 
Upvote 0 Downvote
Thanks for the tip, I have found the culprit. Their IT security group has permission to view all mailboxes. I am trying to remove it, but it keeps giving me the "You cannot remove this object because it is inheriting permissions from it's parent. Turn off the option for inheriting permissions and then try removing again." I would but the window I am in under the mailbox properties, under the Exchange Advanced tab, there is no option as there usually is for security permissions. Any idea as to how I can find this? I have gone under Advanced and looked around and couldn't find anything.

Thanks!
 
Upvote 0 Downvote
Can you not make yourself the owner under advanced first?
Tell us exactly what MMC you are using to do this then I can compare it.
 
Upvote 0 Downvote
Sorry, i am a novice as far as setting the advanced security settings. What do you mean by making myself the owner, of the mailbox??? What is a MMC?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
956
DrB0b
DrB0b
PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
1K
PatrickRoggers
PatrickRoggers
ComputersUnlimited
  • Locked
  • Question
Migrating to Exchange 2019
Replies
0
Views
1K
ComputersUnlimited
ComputersUnlimited
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
1K
Brent Fletcher
Brent Fletcher
stanlyn
  • Locked
  • Question
How to do Certificates on MultiDomain Exchange with Least Cost
Replies
1
Views
1K
Wesaf
Wesaf

Part and Inventory Search

Sponsor

Back
Top