Exchange 5.0 POP3 Passwords Reported August 27, 1997 by Rajiv Pant Systems Affected Windows NT 4.0 Server running Exchange 5.0 with POP service The Problem
Exchange 5.0 Server"s POP3 service does not properly expire cached passwords. Therefore, old passwords continue to be valid along with newly set passwords until the cache expires. The same problem can be found in Microsoft"s FTP, HTTP, and Gopher services, as pointed out by David LeBlanc. According to Rajiv Pant, this problem does not affect the new web page interface to get your mail which uses a different authentication. Nor does it affect NT logons.
Stopping the Problem:
From the MS KB Article Q166620:
The credentials cache is controlled by the following registry values:
The Age limit specifies the maximum length of time (in minutes) for
entries to live in the cache, the Idle limit specifies the amount of
idle time after which a credential cache element will be considered
too old (and thus discarded).
Microsoft"s Response: They have been notified, but their response it unknown as of September 1. Perhaps this functionality is by design.
To learn more about new NT security concerns,
subscribe to NTSD. Credit: |
Exchange 5.0 POP Psws
0 comments
Hide comments