An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Exchange_server | Microsoft | 5.5 (including) | 5.5 (including) |
| Exchange_server | Microsoft | 5.5-sp1 (including) | 5.5-sp1 (including) |
| Exchange_server | Microsoft | 5.5-sp2 (including) | 5.5-sp2 (including) |
| Exchange_server | Microsoft | 5.5-sp3 (including) | 5.5-sp3 (including) |
| Exchange_server | Microsoft | 5.5-sp4 (including) | 5.5-sp4 (including) |
| Exchange_server | Microsoft | 2000 (including) | 2000 (including) |
| Exchange_server | Microsoft | 2000-sp1 (including) | 2000-sp1 (including) |
| Exchange_server | Microsoft | 2000-sp2 (including) | 2000-sp2 (including) |