HTTP: Outlook Web Access Login Redirection
This signature detects attempts to exploit a known vulnerability in Microsoft Outlook Web Access that ships with Microsoft Exchange Server. Attackers can create a malicious link that, when accessed, can trick users into believing they are logging into their mail server, but instead their login information is being redirected to a Web site of the attacker's choice. Attackers can obtain user OWA login credentials, which are usually the same as NT Domain logins, enabling attackers to access the domain with the stolen user credentials.
Extended Description
A remote URI-redirection vulnerability affects Microsoft Outlook Web Access. This issue occurs because the application fails to properly sanitize URI-supplied data. An attacker may leverage this issue to carry out convincing phishing attacks against unsuspecting users by causing an arbitrary page to be loaded when the Microsoft Outlook Web Access login form is submitted.
Affected Products
Microsoft exchange_server_2003
Short Name
HTTP:OWA:LOGIN-REDIR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Access CVE-2005-0420 Login Outlook Redirection Web bid:12459
Release Date
03/07/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.8