Re: Info about Microsoft Exchange application protocol

[KHeadley () DLJ COM (Headley, Kevin)]

Gentlemen:

Please remember that the client itself can be configured to send clear text.
The protocol feature in later versions of Exchange server accepts this by
default.

The following article gives a precise breakdown of how this is arranged:
http://support.microsoft.com/support/kb/articles/Q175/4/40.ASP

> -----Original Message-----
> From: Walter Williams [SMTP:walter.williams () GENUITY COM]
> Sent: Tuesday, April 25, 2000 12:25 AM
> To:   VULN-DEV () securityfocus com
> Subject:      Re: Info about Microsoft Exchange application protocol
>
> There are a number of possible protocols at work here:
>
> SMTP
> IMAP 4
> POP 3
> LDAP 3
>
> MAPI
>
> So the first question becomes what is the nature of Outlook's
> configuration,
> (Open Internet or Corporate Workgroup).  Corporate Workgroup is limited to
> MAPI, POP & SMTP.  Open Internet is limited to SMTP, IMAP, POP  & LDAP.
>
> How the password is sent is a derivitive of that.  If MAPI, then yes
> Outlook
> passes a token of the password to the server.  If POP, IMAP
> (Autheniticated
> SMTP) any password may be sent as clear text unless the Exchange server is
> configured to offer an encrypted authentication on these protocols and the
> client is configured in a simular manner.
>
> Walt
>
> -----Original Message-----
> From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
> Bobby, Paul
> Sent: Monday, April 24, 2000 3:37 PM
> To: VULN-DEV () SECURITYFOCUS COM
> Subject: Info about Microsoft Exchange application protocol
>
>
> I haven't done an exhaustive search, but asking here is part of it.
>
> Where can I find information about the protocol exchange between Microsoft
> Outlook and Exchange? Is the userid and password a standard windows
> client->
> windows server exchange?
>
> Paul Bobby
> -----------------
> <dream> Got Root? </dream>