BID:12459

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability

Info

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability

Bugtraq ID:	12459
Class:	Input Validation Error
CVE:	CVE-2005-0420
Remote:	Yes
Local:	No
Published:	Feb 07 2005 12:00AM
Updated:	Jun 05 2019 11:00AM
Credit:	"morning_wood" <[email protected]> is credited with the disclosure of this issue.
Vulnerable:	Microsoft Exchange Server 2003 SP1 Microsoft Exchange Server 2003

Not Vulnerable:	Microsoft Exchange Server 2007 0

Discussion

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability

A remote URI-redirection vulnerability affects Microsoft Outlook Web Access. This issue occurs because the application fails to properly sanitize URI-supplied data.

An attacker may leverage this issue to carry out convincing phishing attacks against unsuspecting users by causing an arbitrary page to be loaded when the Microsoft Outlook Web Access login form is submitted.

Exploit / POC

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability

No exploit is required. The following proofs of concept have been provided:

https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://www.example.net
https://owa.example.com/exchweb/bin/auth/owalogon.asp?url=http://3221234342/

Solution / Fix

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability

Solution:
The vendor has addressed this issue in Exchange 2007. Contact the vendor for details.

References

Microsoft Outlook Web Access Login Form Remote URI Redirection Vulnerability

References:

[Full-disclosure] OWA login redirection - Mitigation (Morning Wood)
Exchange Server Home Page (Microsoft)
EXPL-A-2005-001 exploitlabs.com Advisory 030 (Donnie Werner)