locked
Weird Exchange 2007 password issue RRS feed

  • Question

  • Hi

    I have a client who changed a password for an employee who left on a Monday, so there is no way the employee could have had the new password, but on the Wednesday they somehow logged into OWA and sent an email to other employees, then the password was change again and then again on the Friday they logged in and sent another email, at this stage the account was deleted, has anyone any reasonable explanation as to how this could have happened?

    I have read online that security tokens and latency may be a factor but would human intervention seem more plausible due to the gap in time with password changes? (i.e. someone gave them the password?)

    Would love to hear from anyone with a theory?

    Thanks Spud


    Spudney

    Wednesday, March 14, 2012 9:15 AM

Answers

  • Are you sure it was sent with OWA and not ActiveSync?

    Are you sure that it was sent internally and not just via SMTP inbound with the headers spoofed?

    The best way to ensure that the link is broken is after changing the password run IISRESET. Any sessions will then have to authentication.

    Rule those out and then it has to be someone handing out the password internally - but why would the password be known - if someone needs access to the mailbox, give them permissions, not the password.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.

    • Marked as answer by Sophia Xu Friday, March 23, 2012 5:24 AM
    Wednesday, March 14, 2012 5:36 PM