Google Search: inurl:root.asp?acs=anon
Kartik rates this entry 4 out of 10.
Submitted: 2004-06-19 00:00:00
Added by: Kartik
This search jumps right to the main page of Outlook Web Access Public Folders and the Exchange Address Book:.An attacker can use the addressbook to enumerate usernames anonymously without having to logon. These usernames can then be used to guess the mailbox passwords. An attacker can also browse the public folders to gather extra information about the organisation.