Re: Microsoft Outlook Web Access owalogon.asp script URL redirect



"Jacky" <Jacky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EC066260-32EF-4C24-BAA1-C4D8522CFA5C@xxxxxxxxxxxxxxxx
Does anyone know a solution or workaround for this?

The remote web server is vulnerable to a URL injection vulnerability.
Description: The remote host is running Microsoft Outlook Web Access 2003.
Due to a lack of sanitization of the user input, the remote version of this
software is vulnerable to URL injection, which can be exploited to redirect
a user to a different, unauthorized web server after authenticating to OWA.
This unauthorized site could be used to capture sensitive information by
appearing to be part of the web application.

Per Exploitlabs, the following info is posted:

========
A vulnerability in Microsoft Outlook Web Access allows malicious
attackers to redirect the login to any URL they wish.
This allows the attacker to force the user to the site of the
attacker's choosing, enabling the attacker to use social engineering
and phishing-style attacks.


AFFECTED PRODUCTS
=================
Microsoft Outlook Web Access ( OWA )
Windows 2003

SOLUTION
========
Microsoft was contacted on Jan 20, 2005
NO patch has been produced to correct the vulnerability.
They have issued the following: on Jan 21, 2005

It seems like it wasn't considered sufficiently dangerous to warrant any
action on the part of MS. There are far easier ways of getting someone to
visit a bogus web site (just mail someone a link to it, and those that
are daft enough will click on it). There has been no fix, or anything like
that. The only workaround is to stop using Forms-Based Authentication.

Lee.

--
_______________________________________

Outlook Web Access for PDA, OWA For WAP:
www.leederbyshire.com
________________________________________
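The server-side check that would close this kind of hole, as an added example that is not part of this thread or of OWA's own code: a post-login redirect validator that only ever emits a path on the OWA host itself, so the Location: header can never name another origin. The hostname, the default landing path and the sample inputs are all constructed for the example; the page does not name the vulnerable parameter, so the function simply takes the already URL-decoded redirect value as an argument.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed for this example: the page names no parameter or landing page,
# so both the post-login landing path and the hostname are assumptions.
DEFAULT_LANDING = "/exchange/"


def safe_redirect_target(target, expected_host, default=DEFAULT_LANDING):
    """Return a redirect target that stays on our own host, or the default.

    `target` is the already URL-decoded value the login form would otherwise
    redirect to after a successful logon.  Anything that could leave the
    origin, or that the caller cannot reason about, collapses to `default`.
    """
    if not target:
        return default

    # Control characters, whitespace and non-ASCII are never part of a
    # legitimate internal path; CR/LF in particular would allow header
    # injection into the Location: response header.
    if any(ord(c) < 0x21 or ord(c) > 0x7E for c in target):
        return default

    # Browsers treat a backslash like a forward slash when resolving the
    # Location: header, so "/\evil.example" becomes "//evil.example".
    candidate = target.replace("\\", "/")

    # "//host" (protocol-relative) and "///host" (browsers collapse the
    # extra slashes) both escape to another host.
    if candidate.startswith("//"):
        return default

    try:
        parts = urlsplit(candidate)
    except ValueError:
        # e.g. an unbalanced "[" in the authority; unparsable means unsafe
        return default

    # Absolute URL: accept only https to exactly our own host.  Comparing the
    # full netloc (not just the hostname) rejects "user@evil.example" tricks
    # and unexpected ports.
    if parts.scheme or parts.netloc:
        if parts.scheme.lower() != "https":
            return default
        if parts.netloc.lower() != expected_host.lower():
            return default

    # Whatever survived must be an absolute path on our host.
    if not parts.path.startswith("/"):
        return default

    # Re-emit as a host-relative path; scheme, host and fragment are dropped
    # so the response can never point at another origin.
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    host = "owa.example.com"  # assumed hostname
    samples = [  # constructed inputs, good and hostile
        "/exchange/inbox?cmd=contents",
        "https://owa.example.com/exchange/calendar",
        "http://evil.example/owa/",
        "//evil.example/",
        "/\\evil.example/",
        "///evil.example/",
        "https://owa.example.com@evil.example/",
        "javascript:alert(1)",
        "/exchange\r\nSet-Cookie: sessionid=x",
        "",
    ]
    for t in samples:
        print(repr(t), "->", safe_redirect_target(t, host))
```

The design point is that the function never tries to "clean" a hostile value; every doubtful case falls back to the fixed landing page, and the one thing it emits is a path, which is all a login form ever needs to remember across authentication.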
