Microsoft is investigating a flaw in Exchange Server 2003 through which one user can gain unauthorized access to another user's account.
The flaw is said to lie in Outlook Web Access (OWA), the Exchange component that lets users reach their inboxes and folders from a Web browser.
Users logging into their Web-based mailbox may find themselves inside another user's mailbox, with full privileges over it.
Microsoft officials said that although the flaw appears to occur only when Kerberos authentication has been disabled, customers should keep Kerberos authentication enabled for the time being, until a patch or more complete information is issued. Kerberos is the protocol Microsoft uses to authenticate requests for services; when it is disabled on an Exchange server, OWA falls back to NTLM-only authentication, which is the configuration administrators should check for.
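The check an administrator would want here is whether Kerberos is still enabled on the OWA virtual directories. The script below is an added example and is not code from the article or from Microsoft. It reads the IIS 6 metabase property NTAuthenticationProviders through the IIS ADSI provider: "Negotiate,NTLM" means Kerberos (Negotiate) is on, "NTLM" alone means it has been disabled. It assumes the Exchange virtual server is IIS web site 1 (W3SVC/1), that the OWA virtual directories are named Exchange and Public, and that an unset property inherits from a parent node with "Negotiate,NTLM" as the IIS built-in default; verify all three against your own server before relying on the result.

```powershell
# Added example (not from the original article or from Microsoft).
# Reports, and with -Fix restores, Kerberos (Negotiate) on the Exchange 2003
# OWA virtual directories in the IIS 6 metabase.
# Assumptions: site ID 1, vdirs "Exchange" and "Public", and "Negotiate,NTLM"
# as the IIS built-in default when no node sets the property explicitly.
param(
    [int]$SiteId = 1,
    [string[]]$VDirs = @('Exchange', 'Public'),
    [switch]$Fix
)

function Get-EffectiveNtAuthProviders {
    param([string]$AdsiPath)
    # Walk up the metabase tree until a node sets NTAuthenticationProviders.
    $p = $AdsiPath
    while ($p -match '^IIS://localhost/W3SVC') {
        $node = [ADSI]$p
        $v = [string]$node.NTAuthenticationProviders
        if ($v) { return @{ Value = $v; SetAt = $p } }
        $p = $p -replace '/[^/]+$', ''   # drop the last path element
    }
    # Nothing set anywhere: assumed IIS 6 default.
    return @{ Value = 'Negotiate,NTLM'; SetAt = '(IIS built-in default, assumed)' }
}

function Test-OwaKerberos {
    param([int]$SiteId, [string]$VDir)
    $path = "IIS://localhost/W3SVC/$SiteId/ROOT/$VDir"
    $eff  = Get-EffectiveNtAuthProviders -AdsiPath $path
    # Kerberos is only offered when the Negotiate provider is listed.
    $kerberosOn = ($eff.Value -match '(?i)\bNegotiate\b')
    New-Object PSObject -Property @{
        Path            = $path
        Providers       = $eff.Value
        SetAt           = $eff.SetAt
        KerberosEnabled = $kerberosOn
    }
}

function Enable-OwaKerberos {
    param([string]$AdsiPath)
    # Set the property explicitly on the vdir so it no longer depends on inheritance.
    $node = [ADSI]$AdsiPath
    $node.Put('NTAuthenticationProviders', 'Negotiate,NTLM')
    $node.SetInfo()
}

$needsRestart = $false
foreach ($vdir in $VDirs) {
    $r = Test-OwaKerberos -SiteId $SiteId -VDir $vdir
    $r | Format-List Path, Providers, SetAt, KerberosEnabled
    if (-not $r.KerberosEnabled) {
        if ($Fix) {
            Enable-OwaKerberos -AdsiPath $r.Path
            Write-Output "Set NTAuthenticationProviders=Negotiate,NTLM on $($r.Path)"
            $needsRestart = $true
        } else {
            Write-Warning "Kerberos is disabled on $($r.Path); re-run with -Fix to restore it."
        }
    }
}
if ($needsRestart) { Write-Output 'Run iisreset for the change to take effect.' }
```

Run it without -Fix first and read the SetAt column: a value of "NTLM" set directly on the Exchange vdir is the state the article's workaround warns about, whereas a value inherited from W3SVC indicates the server-wide default is in use. The fix writes the explicit provider list back onto the vdir rather than relying on inheritance, so a later change at a parent node cannot silently disable Kerberos again.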
This is not the first security flaw in OWA. In 2001, Microsoft released a patch for the OWA feature in Exchange 5.5 and Exchange 2000, but the patch itself caused many servers to overload and hang.