HPE Community
BackOffice Products
1752766 Members
5172 Online
108789 Solutions
New Discussion юеВ

security problem in exchange 2003 server.

 
Thiyagu_2
Frequent Advisor

тАО02-10-2005 01:29 AM

тАО02-10-2005 01:29 AM

security problem in exchange 2003 server.

hi guys!

I am using Windows 2000 Advance Server and Exchange 2003 server.

I am facing a big security risk in my exchange server. The problem is, I can login into another users inbox and can see the mails of them. By doing the following things,

1) type, https://mydomain.com/exchange/username(another user)/inbox

it is asking for the username and password, by giving my username and password, I could enter the another users mailbox.

for ex, take a user A,

by typing https://mydomain.com/exchange/a/inbox, it asks for the username and password,

then i am giving my username and password, then i could see the inbox mails of user A.

I also deleted the cookies and cleared the history, they are helpless!

Please help me in this problem soon.

Thanks in advance!

0 Kudos
7 REPLIES 7
Ron Kinner
Honored Contributor

тАО02-10-2005 03:35 AM

тАО02-10-2005 03:35 AM

Re: security problem in exchange 2003 server.

Is your Username in the Adminstrator group?

Ron
0 Kudos
Thiyagu_2
Frequent Advisor

тАО02-10-2005 03:45 AM

тАО02-10-2005 03:45 AM

Re: security problem in exchange 2003 server.

No! I am not in the Administrator group.

And I checked with other mail-ids also.not only me others could also see the mail-ids of other people's mail box .

ie., everyone can see everyone's mailbox by this method.
0 Kudos
Akos Hegedus
Valued Contributor

тАО02-11-2005 01:00 AM

тАО02-11-2005 01:00 AM

Re: security problem in exchange 2003 server.

Hi,

the problem occurs only in OWA or you can add anyone mailbox to your mail profile and can see his/her mailbox?

regards,
Akos
0 Kudos
Akos Hegedus
Valued Contributor

тАО02-11-2005 01:05 AM

тАО02-11-2005 01:05 AM

Re: security problem in exchange 2003 server.

Check security in System Manager on the Organization object!

http://support.microsoft.com/default.aspx?scid=kb;en-us;264733
0 Kudos
Thiyagu_2
Frequent Advisor

тАО02-11-2005 03:32 AM

тАО02-11-2005 03:32 AM

Re: security problem in exchange 2003 server.

Sorry ya!

I could not get you. Where I can found that. And what is it for?

Thanks in advance
0 Kudos
Thiyagu_2
Frequent Advisor

тАО02-15-2005 10:09 PM

тАО02-15-2005 10:09 PM

Re: security problem in exchange 2003 server.

I think it's the problem of settings in the mailbox rights. Please have a look at the attachment.

It has full mailbox access to everyone. Actually I upgraded exchange 2000 to exchange 2003. So the permissions are mingled. I am not sure whether it is right or wrong. It's my guess.

I think it should be changed to only read permission for everyone group. And when I go to change the mailbox rights, i cant' because they are greyed out and disabled.

Please help me how to change to the settings like in the attached file.
0 Kudos
Thiyagu_2
Frequent Advisor

тАО02-22-2005 12:46 AM

тАО02-22-2005 12:46 AM

Re: security problem in exchange 2003 server.

A log is also generated in Event viewer as,

Event ID:1016
Type:Success Audit
Category: Logons
Source: ExchangeIS Mailbox Store

Windows 2000 User domain\user1 logged on to user2@mydomain.com mailbox, and is not the primary Windows 2000 account on this mailbox.

For more information, click http://www.microsoft.com/contentredirect.asp.

It is sure that user1 has logged into user2's inbox.

I found this in http://support.microsoft.com/kb/173692/EN-US/
But i could not find the solution.


How can I solve it?

Thanks in advance!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.