Weird Exchange 2007 password issue
Hi I have a client who changed a password for an employee who left on a Monday, so there is no way the employee could have had the new password, but on the Wednesday they somehow logged into OWA and sent an email to other employees, then the password was change again and then again on the Friday they logged in and sent another email, at this stage the account was deleted, has anyone any reasonable explanation as to how this could have happened? I have read online that security tokens and latency may be a factor but would human intervention seem more plausible due to the gap in time with password changes? (i.e. someone gave them the password?) Would love to hear from anyone with a theory? Thanks SpudSpudney
March 14th, 2012 5:15am

Are you sure it was sent with OWA and not ActiveSync? Are you sure that it was sent internally and not just via SMTP inbound with the headers spoofed? The best way to ensure that the link is broken is after changing the password run IISRESET. Any sessions will then have to authentication. Rule those out and then it has to be someone handing out the password internally - but why would the password be known - if someone needs access to the mailbox, give them permissions, not the password. Simon. Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.
Free Windows Admin Tool Kit Click here and download it now
March 14th, 2012 1:36pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics