Vulnerability Development mailing list archives
Re: Info about Microsoft Exchange application protocol
From: DGASPAR () NCH COM (David Gaspar)
Date: Tue, 25 Apr 2000 11:03:41 -0500
For Outlook and Exchange you need the following ports: tcp 135 TCP 11140 TCP 11145 TCP 11150 David L. Gaspar Network Specialist - Enterprise Security -----Original Message----- From: Walter Williams [mailto:walter.williams () GENUITY COM] Sent: Monday, April 24, 2000 11:25 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Info about Microsoft Exchange application protocol There are a number of possible protocols at work here: SMTP IMAP 4 POP 3 LDAP 3 MAPI So the first question becomes what is the nature of Outlook's configuration, (Open Internet or Corporate Workgroup). Corporate Workgroup is limited to MAPI, POP & SMTP. Open Internet is limited to SMTP, IMAP, POP & LDAP. How the password is sent is a derivitive of that. If MAPI, then yes Outlook passes a token of the password to the server. If POP, IMAP (Autheniticated SMTP) any password may be sent as clear text unless the Exchange server is configured to offer an encrypted authentication on these protocols and the client is configured in a simular manner. Walt -----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Bobby, Paul Sent: Monday, April 24, 2000 3:37 PM To: VULN-DEV () SECURITYFOCUS COM Subject: Info about Microsoft Exchange application protocol I haven't done an exhaustive search, but asking here is part of it. Where can I find information about the protocol exchange between Microsoft Outlook and Exchange? Is the userid and password a standard windows client-> windows server exchange? Paul Bobby ----------------- <dream> Got Root? </dream>
Current thread:
- Re: Info about Microsoft Exchange application protocol Headley, Kevin (Apr 25)
- <Possible follow-ups>
- Re: Info about Microsoft Exchange application protocol David Gaspar (Apr 25)