CVE-2002-0507

Microsoft Exchange Server - Authentication Bypass via Repeated OWA Requests

Title source: llm
STIX 2.1

Description

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

References (3)

Core 3
Core References
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8681.php
Third Party Advisory, VDB Entry, Vendor Advisory mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/264705
Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4390

Scores

EPSS 0.0222
EPSS Percentile 80.4%

Details

CWE
CWE-287
Status published
Products (3)
microsoft/exchange_server 5.5 (5 CPE variants)
microsoft/exchange_server 2000 (3 CPE variants)
rsa/securid 5.0
Published Aug 12, 2002
Tracked Since Feb 18, 2026