Microsoft Outlook Web Access with RSA SecurID Authentication Bypass Vulnerability

RSA SecurID is a two-factor authentication system, designed to allow remote authentication to a variety of resources through the use of an authenticator (a token-generated code) in conjunction with a user password. Microsoft Outlook Web Access (OWA) is a component of Microsoft Exchange Server that provides a web interface for email.

Reportedly, a user who has accessed the OWA system after proper SecurID authentication may then attempt to access OWA as a different user without providing additional SecurID authentication. A valid username and password are still required for both OWA authentication attempts; only the second factor is bypassed.

Although an error message is displayed, repeated attempts will reportedly result in access to the OWA system as the second user.
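The condition described above leaves a trace that a defender can look for: within one browser session, the identity that passed SecurID and the identity that subsequently logged on to OWA should match, and an OWA logon that succeeds only after several failures under a different name is exactly the pattern the advisory describes. The following detection script is an added example written for this page; it is not code from SecurityFocus, RSA or Microsoft. It assumes a hypothetical key=value log format in which each line carries a session identifier that links the SecurID agent event to the later OWA logon events; real SecurID agent and IIS/OWA logs need their own parser and join key, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample log lines in a hypothetical key=value format (not real
# SecurID or OWA output). Session S2 shows the pattern from the advisory:
# "bob" passes SecurID, then "carol" logs on to OWA after repeated failures.
SAMPLE_LOG = """\
2010-03-01T09:00:01Z session=S1 source=securid user=alice result=success
2010-03-01T09:00:05Z session=S1 source=owa user=alice result=success
2010-03-01T09:10:00Z session=S2 source=securid user=bob result=success
2010-03-01T09:10:07Z session=S2 source=owa user=carol result=failure
2010-03-01T09:10:12Z session=S2 source=owa user=carol result=failure
2010-03-01T09:10:18Z session=S2 source=owa user=carol result=success
2010-03-01T09:20:00Z session=S3 source=owa user=dave result=success
"""

# Timestamp, then whitespace-separated key=value tokens (assumed format).
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": m.group("ts")}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def parse_log(text):
    """Parse all non-blank lines; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is not None:
            events.append(event)
    return events


def analyse(events):
    """Walk events in order and flag OWA logons that do not match the
    identity that passed SecurID in the same session (or that have no
    SecurID event at all). Each finding records how many OWA failures
    preceded the successful logon for that user in that session."""
    securid_user = {}                 # session -> user who passed SecurID
    owa_failures = defaultdict(int)   # (session, user) -> failed OWA logons
    findings = []
    for e in events:
        sess, src = e.get("session"), e.get("source")
        user, result = e.get("user"), e.get("result")
        if src == "securid":
            if result == "success":
                securid_user[sess] = user
            continue
        if src != "owa":
            continue
        if result == "failure":
            owa_failures[(sess, user)] += 1
            continue
        if result != "success":
            continue
        first_factor_user = securid_user.get(sess)
        if first_factor_user is None:
            kind = "owa_without_securid"
        elif first_factor_user != user:
            kind = "identity_mismatch"
        else:
            continue  # consistent identity across both factors: not flagged
        findings.append({
            "session": sess,
            "kind": kind,
            "securid_user": first_factor_user,
            "owa_user": user,
            "prior_failures": owa_failures[(sess, user)],
        })
    return findings


if __name__ == "__main__":
    for f in analyse(parse_log(SAMPLE_LOG)):
        print(f)
```

Run against the constructed sample, the script flags session S2 as an identity mismatch (SecurID user bob, OWA user carol, two failed logons before success) and session S3 as an OWA logon with no SecurID event at all. The second rule is included because a session that reaches OWA without ever passing the SecurID agent is the more general form of the same weakness; in production, tune the join key to whatever cookie or connection identifier actually ties the two log sources together.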

Copyright 2010, SecurityFocus